Can I accept a POST request only from a specific domain?

I am implementing a payment method in my application, and the bank's website sends back a request with payment information, for example status, payment identifier, ...

But to be sure that the request is not from someone trying to do something bad, can I accept the request only from my banking system? I am looking for a way to check the request for this action/controller so that only mybank.com is accepted and all others are skipped.

+4
2 answers

You can restrict the route:

# Route constraints are matched against the incoming request itself:
# `protocol:` against the scheme it arrived over and `host:` against its
# Host header (the hostname your application was reached at).
post 'yourpath', to: 'controller#action', constraints: { protocol: 'https://', host: 'yourbank' }
+3

You can try to verify the request and reject any request that does not match:

# request.referer is an alias for request.env['HTTP_REFERER']; it is nil
# when the header is absent, so call to_s first to avoid a NoMethodError.
# (starts_with? is the ActiveSupport alias of String#start_with?.)
if request.referer.to_s.start_with?('https://your.bank/')
  # do stuff
else
  # render error
end


0
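An added example, not part of either answer above and not code from the asker's application: it implements the Referer check from the second answer in a nil-safe way (comparing parsed scheme and host instead of a string prefix) and, alongside it, the check a payment callback normally relies on, a keyed signature over the request body. The bank hostname `your.bank`, the header name `X-Bank-Signature` and the HMAC-SHA256-over-raw-body scheme are assumptions for illustration; the real header name and signing scheme come from your bank's integration documentation. The reason for the second check is that the Referer header (like the Host header used by route constraints) is written by whoever sends the request, so it filters stray traffic but cannot prove the sender is the bank; only a party holding the shared secret can produce a valid signature.

```ruby
# Added example (not from the original Q&A). Assumptions, all hypothetical:
# the bank signs each callback with HMAC-SHA256 over the raw request body
# using a shared secret and sends the hex digest in an X-Bank-Signature header.
require 'openssl'
require 'uri'

BANK_ORIGIN = 'https://your.bank' # hypothetical bank origin, as in the answer

# The Referer check from the answer, nil-safe and based on the parsed scheme
# and host. The Referer header is sender-controlled, so a true result only
# means the sender *claims* to be the bank.
def referer_from_bank?(referer)
  return false if referer.nil? || referer.empty?
  uri      = URI.parse(referer)
  expected = URI.parse(BANK_ORIGIN)
  uri.scheme == expected.scheme && uri.host == expected.host
rescue URI::InvalidURIError
  false
end

# Constant-time comparison: the loop always touches every byte, so a forged
# signature cannot be guessed byte by byte from response timing.
def secure_equal?(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Hex HMAC-SHA256 of the raw body under the shared secret (assumed scheme).
def compute_signature(secret, raw_body)
  OpenSSL::HMAC.hexdigest('SHA256', secret, raw_body)
end

# The check that actually authenticates the sender: a valid signature over
# this exact body can only come from a holder of the shared secret, and any
# change to the body (status, payment identifier, ...) invalidates it.
def signature_valid?(secret, raw_body, header_signature)
  return false if header_signature.nil?
  secure_equal?(compute_signature(secret, raw_body), header_signature.to_s)
end

# Shape of the controller action (hypothetical Rails code): reject the
# callback before reading any payment field from it.
#
#   def bank_callback
#     raw = request.raw_post
#     unless signature_valid?(Rails.application.credentials.bank_secret, raw,
#                             request.headers['X-Bank-Signature'])
#       head :forbidden and return
#     end
#     # safe to process params[:status], params[:payment_id], ...
#   end

if __FILE__ == $PROGRAM_NAME
  secret = 'constructed-shared-secret'                 # constructed sample
  body   = '{"status":"paid","payment_id":"12345"}'    # constructed sample
  sig    = compute_signature(secret, body)
  p referer_from_bank?('https://your.bank/pay/return')          # true
  p referer_from_bank?('https://your.bank.attacker.example/')   # false
  p signature_valid?(secret, body, sig)                         # true
  p signature_valid?(secret, body.sub('paid', 'failed'), sig)   # false: body tampered
end
```

If the bank offers no signature at all, the remaining option that the sender cannot forge from the outside is restricting the callback endpoint to the bank's published source IP ranges at the network or reverse-proxy layer; neither Referer nor Host gives you that.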

Source: https://habr.com/ru/post/1570536/
