Closed kerfootj closed 4 years ago
Using the host name might be sufficient although not the most secure way. https://stackoverflow.com/questions/18498726/how-do-i-get-the-domain-originating-the-request-in-express-js
The scraper now directly uploads course data to mongodb.
Here's the work on the scraper side: https://github.com/VikeLabs/scheduler-scraper/pull/22 This PR removed the post endpoint on the backend: https://github.com/VikeLabs/scheduler-back-end/pull/19
User Story
As a developer, I want only the scraper to be able to make changes to course data.
Description
Conduct research to find a method to secure posting to /courses such that only requests made by the scraper will modify data.
Acceptance Criteria