Is there a safe way to give access to the webapp only for people who come together through Eddystone url?
I know that I can use some of get parameters and handle them on server side but it not good enough.
Asked
Active
Viewed 36 times
1 Answers
0
There is no foolproof way to do this, as any information you can pass in an open web request can be simulated by a determined person visiting the web app.
If adding GET parameters to the URL isn't good enough, a few more things you could do include:
- Examine the USER-AGENT field in the HTTP header, and ensure it is an iOS or Android mobile device that sent the request.
- In addition to the above check, you can also verify it is a Chrome browser variant, if you are relying on Chrome to do the Eddystone-URL detection.
You could also change the GET parameters on the URL transmitted by the beacon periodically (even making it dynamic if you have a custom firmware beacon), so it becomes difficult to predict what the URL will be in the future.
davidgyoung
- 63,876
- 14
- 121
- 204