API protection only if you have web -> api. For mobiles and if you use CDN this approach will not work
Last active
July 31, 2019 00:15
-
-
Save BonBonSlick/0f27752a13f66b23edc02e0479735db9 to your computer and use it in GitHub Desktop.
CORSSubscriber
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /** | |
| * Class self | |
| */ | |
| final class CORSSubscriber implements EventSubscriberInterface{ | |
| /** | |
| * @return array | |
| */ | |
| public static function getSubscribedEvents() : array { | |
| return [ | |
| KernelEvents::REQUEST => 'checkAllowedHosts', | |
| ]; | |
| } | |
| /** | |
| * @param GetResponseEvent $event | |
| */ | |
| public function checkAllowedHosts(GetResponseEvent $event) : void | |
| { | |
| $request = $event->getRequest(); | |
| $allowedIps = [ | |
| 'dev' === getenv('APP_ENV') ? '127.0.0.1' : 'your.UI.IP', | |
| ]; | |
| if (false === in_array($request->getClientIp(), $allowedIps, true)) { | |
| $event->setResponse( | |
| new JsonResponse('Error c') | |
| ); | |
| } | |
| } | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment