Add-on call external file


(Leonardo Sedevcic) #1

Hi i solved my proble for my add-on but i get in a new problem!

my add-on call a file from an url

HOW to block acces to tha file to prevent users to download or access??

if i add an .htaccess like:

Order Allow,Deny
Deny from all

<files dburl.dat>
order allow,deny
deny from all
</files>

to the rot folder of the file, my add-on doesn’t work anymore :s


(Martin Giger) #2

If your extension can load it a user can load it. You can do things like require authentication or similar, however a user could just look at how your extension gets access to the file. Or copy the result from the network inspector when the extension loads it etc.

You could of course block access to it with your extension after you’ve loaded it…


(Leonardo Sedevcic) #3

i would like to say again THANKS a lot for all the time :smiley: and help you was providing me !!! :smiley:


(Leonardo Sedevcic) #4

how can i achieve that:
“course block access to it with your extension after you’ve loaded it”
“like require authentication or similar”


(Martin Giger) #5

The same way you block other requests. By checking the request and blocking it.


(Leonardo Sedevcic) #6

And if i add my file url to the manifest.json and then block the folder in the htaccess?

"permissions":[  
"http://url.com/folder/dburl.dat",

(Martin Giger) #7

You shouldn’t need another permission for it, based on all the permissions you already declare. This would be included in both <all_urls> and http://*/* or https://*/*(I hope you sue HTTPS?)


(Leonardo Sedevcic) #8

yes its https for my website


(Leonardo Sedevcic) #9

SOLVED !! i put the db in another domain name, then blacklisted that domain :smiley: so, add-on can access to the db, but not the users :smiley: