OneBox authentication

(Stanislaw Klajn) #1


Is it possible to specify additional authentication headers per domain in Discourse? We’re running the private website, our discourse instance is only accessible to our members. We have some pages that are partially private - we are hiding some key information when it’s reached by non-authenticated person, but displaying all data once reached by athenticated user. Is there any easy way of finding out that given request is Discourse OneBox request, and if so, how can we tell on the application side that it is our discourse instance?

At the moment, we’re doing reverse DNS check, but I am quite sure there must be a better option, like a custom header with a secret key or something.

(Régis Hanol) #2

You could write a plugin with a custom onebox for your website allowing you to pass whatever argument/header you want.