1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Load external JS only from specific referrer/domain

Discussion in 'HTML & JavaScript' started by darkstar69, May 29, 2016.

  1. darkstar69

    darkstar69 Jr. VIP Jr. VIP

    Joined:
    Nov 15, 2008
    Messages:
    806
    Likes Received:
    880
    Occupation:
    Big Boss
    Location:
    On The Dark Side
    Hello,
    is it possible to load external JS files only when they are called form a specific referrer/domain?

    Example:
    Let´s say there is mylandingpage.com and myjsfiles.com
    On mylandingpage.com I have the code
    Code:
    <script src="http://myjsfiles.com/examplejavascript.js"></script>
    and I want that the JS file is only loaded when it´s called from mylandingpage.com, when someones tries to load it from another domain or tries to call it dirtectly it should show an error or nothing.
    Is something like that possible?
     
  2. MrBlue

    MrBlue Senior Member

    Joined:
    Dec 18, 2009
    Messages:
    969
    Likes Received:
    678
    Occupation:
    Web/Bot Developer
    You can restrict access to specific filetypes (including JavaScript files) by whitelisting your domains via htaccess
    Code:
    RewriteEngine on
    RewriteCond %{HTTP_REFERER} !^$
    RewriteCond %{HTTP_REFERER} !^http://(www\.)?mylandingpage.com/.*$ [NC]
    RewriteCond %{HTTP_REFERER} !^http://(www\.)?myotherlandingpage.com/.*$ [NC]
    RewriteRule \.(js|gif|jpg)$ - [F]
    
     
  3. darkstar69

    darkstar69 Jr. VIP Jr. VIP

    Joined:
    Nov 15, 2008
    Messages:
    806
    Likes Received:
    880
    Occupation:
    Big Boss
    Location:
    On The Dark Side
    Thank you, will check it. But is there another possibility in JS to check it in the files directly similar to

    PHP:
    <?php
    if($ref==mydomain.com)
    {
    show javascript
    }
    else
    {
    error
    }
    ?>
    ?
     
  4. Des_cartes

    Des_cartes Junior Member

    Joined:
    Jan 19, 2012
    Messages:
    160
    Likes Received:
    64
    Yes like that:
    Code:
    <?php
    if ($_SERVER['HTTP_REFERER'] === 'mydomain.com') { ?>
        // Add JS code here
    <?php } ?>
    
    But MrBlue solution is better and it's not protecting your code if it's what you are trying to do.
     
  5. cloaking

    cloaking Registered Member

    Joined:
    Aug 21, 2015
    Messages:
    94
    Likes Received:
    31
    What you're looking to test is whether the current URL (not the referrer) matches "mylandingpage.com".

    Using .htaccess is certainly the best approach. With Des-cartes' PHP code above, once the JavaScript is output for visitors, they can subsequently reference to it without having to pass the PHP test.

    If you're looking for a JavaScript-specific approach, this would throw an error if the script is loaded on a domain that doesn't match "mylandingpage.com" (preventing the remaining code from executing):

    Code:
    if (window.location.href.indexOf("mylandingpage.com") == -1) {
      throw new Error();
    }