How to block all requests to my Netlify functions that are not coming from the application?

Hello,

I want to block all incoming HTTP requests to my Netlify functions that are sent from outside of the Netlify app. At the moment I don’t need to implement users in the app, so it needs to work similarly to an AWS NAT Gateway, in the sense that, if the request is not coming directly from the Netlify application, then it should not work. Is it possible?
Thanks!

Welcome to the forums @javiseeker

Does this post help?

I see, thanks @coelmay!
I never touched CORS in my application’s netlify.toml, so maybe it got enabled by default. Do you know how to deactivate it?
Also, after thinking it over thoroughly, it seems I will need to access the Netlify functions from a mobile app as well. Any ideas how to proceed? :grinning:

You can add custom headers for various things, including CORS. If you need access to the function from other sites you can add HTTP headers to limit access.

Hi @javiseeker,

Before you do what @coelmay suggested, do note that adding HTTP headers is not a fool-proof way to block access. Rather, there is no 100% secure way that cannot be bypassed at all. There are ways to make it as secure as possible, each with its own problems.

1 Like
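
As an added example (not part of the thread and not Netlify's own code), here is a function handler that applies the origin allowlist and CORS headers discussed above. The allowed origin URL, the helper names and the sample requests are assumptions. The third constructed request shows the limit raised in the last reply: CORS is enforced by browsers, so the `Origin` header is only as trustworthy as the client sending it.

```javascript
// Added example: origin allowlist for a Netlify (Lambda-style) function.
// The origin below is a placeholder; replace it with your own site URL.
const ALLOWED_ORIGINS = new Set(["https://example-app.netlify.app"]);

// Header names can arrive in any case, so look them up case-insensitively.
function getHeader(event, name) {
  const headers = event.headers || {};
  const key = Object.keys(headers).find((k) => k.toLowerCase() === name);
  return key === undefined ? undefined : headers[key];
}

// Pure decision function so the logic can be tested without deploying.
function decide(event) {
  const origin = getHeader(event, "origin");
  const allowed = origin !== undefined && ALLOWED_ORIGINS.has(origin);
  // Echo the origin back only when it is on the allowlist.
  const cors = allowed
    ? { "Access-Control-Allow-Origin": origin, Vary: "Origin" }
    : { Vary: "Origin" };

  if (event.httpMethod === "OPTIONS") {
    // Preflight request sent by browsers before non-simple requests.
    return {
      statusCode: allowed ? 204 : 403,
      headers: { ...cors, "Access-Control-Allow-Methods": "GET, POST",
                 "Access-Control-Allow-Headers": "Content-Type" },
      body: "",
    };
  }
  if (!allowed) return { statusCode: 403, headers: cors, body: "Forbidden" };
  return { statusCode: 200, headers: cors, body: JSON.stringify({ ok: true }) };
}

const handler = async (event) => decide(event);
if (typeof exports !== "undefined") exports.handler = handler; // Netlify entry point

// Constructed sample requests (not real traffic).
function demo() {
  const site = "https://example-app.netlify.app";
  return {
    browserOnSite: decide({ httpMethod: "GET", headers: { origin: site } }).statusCode,
    // A mobile app or script normally sends no Origin header at all.
    noOrigin: decide({ httpMethod: "GET", headers: {} }).statusCode,
    // A non-browser client can set Origin itself and is indistinguishable here.
    nonBrowserWithOrigin: decide({ httpMethod: "GET", headers: { Origin: site } }).statusCode,
  };
}
```

Because requests without an `Origin` header are rejected here, a mobile client would need a different check, such as an authenticated token validated inside the function.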