This is an example of using elfinder with bcrypt tokens.
It works like this:
- backend and elfinder knows about secret token
- user can access elfinder on localhost:8000/elFinder/elfinder.html, but cant write without token
- backend adds hashed token to url only on some pages (admin panel for example)
- tinymce opens elfinder.html in iframe with hashed token, elfinder.html iframe pass this token to connector, connector validates token
- I use nginx to bypass cors issue
Sorry can provide more elaborate exmaple (proprietary software)