URL Whitelisting
Each Key can be whitelisted against a number of URLs. Individual Licensee Keys can have whitelisted URLs assigned to them.
Whitelisting works by matching the Referer
and Origin
headers of an incoming HTTP request against your list of whitelisted URLs. If no match has been found then a 4011
reply is returned.
If a matching URL is found, the request is allowed to proceed as normal. Furthermore, the Access-Control-Allow-Origin Response header is set as the requester's Origin header.
Whitelisting rules
Whitelisted strings beginning with http://
or https://
will look for matches that start with the string.
For instance, https://www.example.com
will match https://www.example.com/
as well as https://www.example.com/signup
.
Whitelisted strings which do not begin with http[s]://
will look for positive substring matches.
For instance, .example.com/signup
will match https://www.example.com/signup
as well as https://app.example.com/signup
.