Hello,

I'm working on an application where I allow users to embed a uniquely
generated block of js code which also includes an swf file on their own
domain. I have a setup where a user enters their domain in my
application, I generate a random key to associate with the user / domain
and I generate a block of js code for them to copy / embed on their
domain. I'm not sure how to "check the referring domain"...

How could I go about preventing non-authorized domains from embedding
this code?

I guess what I'm looking for is something like "URL based restriction".

I would like to somehow verify the domain before the js / swf file loads
on the user's domain. If the domain is invalid then display an error and
do not load the code / swf.

Is it best to do this with some sort of ajax call? Is there a better
approach? Are there any modules / plugins to assist with this
functionality?

This seems kind of like the google maps API but unique for each user /
domain.

Or is there a way to create a "white list" of acceptable domains that
can embed the code? I thought about generating a unique js file for each
user but that seems a but cumbersome / brittle. And what's to stop
someone from viewing the source of the js file, modifying it / removing
the "url authentication" and using it as they please?

Any suggestions appreciated.

Thank you.
-- 
Posted via http://www.ruby-forum.com/.