API routes must be prevented from direct browser access

MadOgre / shout-in-the-dark

Whisper clone

1 stars 2 forks source link

Closed MadOgre closed 7 years ago

MadOgre commented 7 years ago

User should not be able to go to /shout and look at the bare API

MadOgre commented 7 years ago

Fixed by adding a custom header by angular and checking for it in the backend.