Deny direct URL access to files in Jetty 7

I have a single-page website using Jetty 7 that shows other pages using an ajax call.

Does anyone have any suggestions on how to only show the pages using an ajax call in my site and deny access if someone types or pastes the direct URL into a browser?

Jon Skeet

A few options:

  • Your ajax call could return an encrypted form of the data, and the client side could decrypt it.

  • Your ajax call could include some sort of token which was originally provided on the single accessible page, and you could avoid returning anything if the token isn't present.

  • You could return a data representation of the information (just JSON) instead of HTML, and make the JavaScript in the single accessible page "present" that appropriately.

None of these will stop anyone from fetching the information programmatically of course - it would just be a matter of them fetching your intended page, then working out what your ajax is doing. But it would prevent casual fetches just via a browser address bar.

As an aside, this does give a fairly nasty user experience, as they can't bookmark individual pages easily - unless you provide some way of automating the fetch via the fragment identifier or something similar.

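An added example, not part of the original answer: one way to implement the token option as a servlet filter, assuming the Servlet 2.5 `javax.servlet` API that Jetty 7 supports. The class, header and session attribute names are hypothetical, and the filter is assumed to be mapped in `web.xml` to the fragment URLs only. As the answer notes, this only stops casual address-bar fetches.

```java
import java.io.IOException;
import java.math.BigInteger;
import java.security.MessageDigest;
import java.security.SecureRandom;
import javax.servlet.*;
import javax.servlet.http.*;

// Hypothetical filter: map it only to the ajax-loaded fragments, not to the main page.
public class AjaxTokenFilter implements Filter {
    static final String ATTR = "ajaxToken";       // session attribute name (assumption)
    static final String HEADER = "X-Ajax-Token";  // request header name (assumption)
    private static final SecureRandom RNG = new SecureRandom();

    // Call while rendering the single accessible page and embed the result in it,
    // so the page's script can send it back in the HEADER of every ajax request.
    public static String issueToken(HttpSession session) {
        String token = (String) session.getAttribute(ATTR);
        if (token == null) {
            token = new BigInteger(128, RNG).toString(16);
            session.setAttribute(ATTR, token);
        }
        return token;
    }

    public void init(FilterConfig cfg) {}
    public void destroy() {}

    public void doFilter(ServletRequest rq, ServletResponse rs, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest req = (HttpServletRequest) rq;
        HttpServletResponse res = (HttpServletResponse) rs;
        HttpSession session = req.getSession(false);  // never create a session here
        String expected = session == null ? null : (String) session.getAttribute(ATTR);
        String sent = req.getHeader(HEADER);
        // A navigation typed into the address bar carries no custom header: reject it.
        if (expected == null || sent == null || !MessageDigest.isEqual(
                expected.getBytes("UTF-8"), sent.getBytes("UTF-8"))) {
            res.sendError(HttpServletResponse.SC_NOT_FOUND);
            return;
        }
        res.setHeader("Cache-Control", "no-store");   // keep fragments out of caches
        chain.doFilter(rq, rs);
    }
}
```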

See more on this question at Stackoverflow