Hello, how do i prevent client browser user to gain access in my own file manager because, i try to test in my browser console tab the fetch() api and it work and that’s bad for using fetch() as they can get the whole data inside the file.
P.S. I try to set access-control-allow-origin pointing to my domain and still can bypass through browser console tab
Can you be more specific about the issue you are having?
It’s like if you try to execute fetch() api code with the directory to the file e.g .txt or .json on browser console tab, they can collect or get the data by any one who does it
Can you provide your website link?
and use this directory
fetch(“/phpform/userdata/quizipedia_userdata.json”)
You can use CORS (Cross-Origin Resource Sharing):
Access-Control-Allow-Origin: *
and Referrer-Policy
Referrer-Policy: same-origin
I fail to see your problem.
If this is your problem, just split the data into multiple files and then limit access to the files you do not wish users to have access to.
CORS won’t solve any problems here as it is disabled and there is not way to enable it or change settings for it. I’m pretty sure this is the same deal for Referrer-Policy.
Your best bet is to disable Directory Indexes in your .htaccess if they are not already (add Options -Indexes on a blank line near the top of your .htaccess) and then look up how to deny access to certain files using .htaccess directives.
how to limit who can access the file
ok thanks guys
I tested this with my personal website, and it worked. You can restrict certain files as you like.
<FilesMatch "\.(bak|log|sql|config|fla|swf|ini|sh|inc|bak|old|dist|fla|psd|cmd|bat|md|txt|json)$">
Require all denied
</FilesMatch>
yeah it really work! many thanks
This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.