How to block all requests to my netlify functions that are not coming from the application?


I want to block all incoming HTTP requests to my Netlify functions that are sent from outside of the Netlify app. At the moment I don’t need to implement users in the app, so it needs to work similarly to an AWS NAT Gateway, in the sense that, if the request is not coming directly from the Netlify application, then it should not work. Is it possible?

Welcome to the forums @javiseeker

Does this post help?

I see, thanks @coelmay!
I never touched CORS in my application’s netlify.toml, so maybe it got enabled by default. Do you know how to deactivate it?
Also, after thinking it over thoroughly, it seems I will need to access the Netlify functions from a mobile app as well. Any ideas how to proceed? 😀

You can add custom headers for various things, including CORS. If you need access to the function from other sites, you can add HTTP headers to limit access.

Hi @javiseeker,

Before you do what @coelmay suggested, do note that adding HTTP headers is not a fool-proof way to block access. Rather, there is no 100% secure way that cannot be bypassed at all. There are ways to make it as secure as possible, each with its own problems.
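As an added example (not code from any post in this thread), here is an Origin allow-list check inside a function, which is the kind of header-based restriction discussed above and has the limitation the last reply points out. It assumes a POST-only function and a placeholder site origin; `ALLOWED_ORIGINS`, `corsHeaders` and `respond` are hypothetical names.

```javascript
// Added example. The origin below is a placeholder, not a real site.
const ALLOWED_ORIGINS = new Set(["https://example-app.netlify.app"]);

// CORS response headers for a caller whose Origin is on the allow-list.
function corsHeaders(origin) {
  return {
    "Access-Control-Allow-Origin": origin, // echo the matched origin, never "*"
    "Access-Control-Allow-Methods": "POST, OPTIONS",
    "Access-Control-Allow-Headers": "Content-Type",
    "Vary": "Origin", // caches must not reuse the answer across origins
  };
}

// Decide the response for one request. Kept synchronous so it is easy to test.
function respond(event) {
  const headers = event.headers || {};
  // Header name is read under both spellings in case it is not lower-cased.
  const origin = headers.origin || headers.Origin || "";

  // Browsers attach Origin to POST and to cross-origin requests. Native
  // mobile HTTP clients normally send none, so they are rejected here too.
  if (!ALLOWED_ORIGINS.has(origin)) {
    return { statusCode: 403, headers: { Vary: "Origin" }, body: "Forbidden" };
  }
  if (event.httpMethod === "OPTIONS") {
    // CORS preflight: answer with the policy and no body.
    return { statusCode: 204, headers: corsHeaders(origin), body: "" };
  }
  if (event.httpMethod !== "POST") {
    return { statusCode: 405, headers: corsHeaders(origin), body: "Method Not Allowed" };
  }
  return {
    statusCode: 200,
    headers: { ...corsHeaders(origin), "Content-Type": "application/json" },
    body: JSON.stringify({ ok: true }),
  };
}

// Netlify-style entry point; export this as `handler` from the function file.
async function handler(event) {
  return respond(event);
}
if (typeof module !== "undefined") module.exports = { handler };
```

The check only compares a string supplied by the client, so it keeps other websites' browser scripts out but does not identify the caller: any non-browser client can send the same header value. A mobile app would need a different control, such as per-user authentication.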

