
I'm using Cloudflare D1 to store data and Cloudflare Pages to display it. I created a function to access the data which works fine until I want to limit access to the endpoint created by that function.

I want the endpoint to be used only by my app. I used the origin to exclude any request coming from outside the URL of my app, but I can't seem to make it work. What am I missing?

export async function onRequest(context) {
  const origin = context.origin;
  console.log('Request Origin:', origin);

  if (origin === 'https://xyz.pages.dev') {
    const ps = context.env.XYZDB.prepare('SELECT * from costs');
    const data = await ps.all();

    const response = new Response(JSON.stringify(data), {
      headers: {
        'Content-Type': 'application/json',
      },
    });

    console.log('Response:', response);

    return response;
  } else {
    console.log('Unauthorized Request');
    return new Response('Unauthorized', {
      status: 401,
    });
  }
}
Mrtsm

1 Answer


You can read the origin from the request headers.

context.request.headers.get('origin')
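An added example, not part of the original question or answer, showing the header read from the answer inside the question's handler. It also covers a case the check has to handle: browsers omit `Origin` on same-origin GET requests, so the app's own calls arrive without it and are recognized here by the Fetch Metadata header `Sec-Fetch-Site`. `isFromApp` is a hypothetical helper name; `XYZDB` and the URL are taken from the question.

```javascript
// Added example. ALLOWED_ORIGIN and the XYZDB binding come from the question;
// isFromApp is a hypothetical helper, not a Cloudflare API.
const ALLOWED_ORIGIN = 'https://xyz.pages.dev';

// Decide from the request headers whether a browser sent this from the app.
// `headers` is anything with a case-insensitive get(), such as request.headers.
function isFromApp(headers) {
  const origin = headers.get('origin');
  if (origin !== null) {
    // Origin is sent on cross-origin requests and on non-GET/HEAD requests.
    return origin === ALLOWED_ORIGIN;
  }
  // Same-origin GET/HEAD carries no Origin header; modern browsers still
  // send Sec-Fetch-Site, which says where the request was initiated.
  return headers.get('sec-fetch-site') === 'same-origin';
}

// In a Pages Function file, put `export` in front of this function.
async function onRequest(context) {
  if (!isFromApp(context.request.headers)) {
    return new Response('Unauthorized', { status: 401 });
  }
  const data = await context.env.XYZDB.prepare('SELECT * from costs').all();
  return new Response(JSON.stringify(data), {
    headers: { 'Content-Type': 'application/json' },
  });
}
```

Both headers are set by the client, so this only keeps other sites' pages from calling the endpoint through a visitor's browser. A non-browser client can send any value, so data that must stay private needs real authentication in front of the endpoint.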