does anyone here know how to make an API URL only accessible via GET requests on a specific website and not available by viewing the page itself?
this is what i mean:
if you try to view the page manually, that doesn’t work
anything other than a GET request doesn’t work either
and GET requests only go through on a specific website
what's the situation?
anyways you could always use headers, so if the request has the Accept: 'application/json' header, you return data. This would only work for viewing the page though, there’s always a way to proxy get requests, unless you set up a token system or something
unless you use credentials: "include", that may work, but there’s probably a way to spoof that, it all depends on why you want to do that.
the situation is:
i'm making a social media called bit talk, but the thing is
all the data is held in one big JSON file, including every user’s login info.
since the JSON file is stored outside of the /site folder in my replit project, i can't access it without an API endpoint (i think)
i want to make the endpoint private so nobody can login to anyone else’s accounts
if you know how to get a JSON file from outside the main folder please tell me
../toleavefolders.json
but please just learn a real database, json databases are only for extreme prototypes and really really really small projects that don’t handle login data. Also just making sure, you hash & salt passwords, correct?
would you recommend using google firebase or something else?
not yet, right now passwords are only base64 encoded. i’ll look into hashing and salting though
1: dunno mongo at least
2: that’s a major security flaw in every way possible, make that top of your todo list, and that’s a really big privacy concern
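
Added example (not part of the thread and not any poster's code): the difference between the base64-encoded passwords described above and salted hashing, with a migration of the JSON records. The record layout (a `password` field holding base64), the function names, the choice of PBKDF2-HMAC-SHA256 and the iteration count are assumptions made for this illustration.

```python
import base64
import hashlib
import hmac
import secrets

ITERATIONS = 600_000  # PBKDF2-HMAC-SHA256 work factor (assumed; tune to your server)

def decode_base64_password(record: dict) -> str:
    """Base64 is an encoding, not protection: anyone with the file reverses it."""
    return base64.b64decode(record["password"]).decode()

def hash_password(password: str) -> dict:
    """Derive a slow, salted hash; a fresh random salt is generated per user."""
    salt = secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return {"salt": salt.hex(), "iterations": ITERATIONS, "hash": digest.hex()}

def verify_password(attempt: str, stored: dict) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    digest = hashlib.pbkdf2_hmac("sha256", attempt.encode(),
                                 bytes.fromhex(stored["salt"]), stored["iterations"])
    return hmac.compare_digest(digest, bytes.fromhex(stored["hash"]))

def migrate(users: dict) -> dict:
    """Replace every base64 'password' field with a salted hash record."""
    migrated = {}
    for name, record in users.items():
        kept = {k: v for k, v in record.items() if k != "password"}
        kept["pw"] = hash_password(decode_base64_password(record))
        migrated[name] = kept
    return migrated

# Constructed sample store: two users who happen to share a password.
OLD_STORE = {
    "alice": {"bio": "hi", "password": base64.b64encode(b"hunter2").decode()},
    "bob": {"bio": "yo", "password": base64.b64encode(b"hunter2").decode()},
}

if __name__ == "__main__":
    new_store = migrate(OLD_STORE)
    print(decode_base64_password(OLD_STORE["alice"]))  # plaintext recovered from base64
    print(verify_password("hunter2", new_store["alice"]["pw"]))
    print(new_store["alice"]["pw"]["hash"] == new_store["bob"]["pw"]["hash"])
```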