jjwallace Posted April 12, 2017 Share Posted April 12, 2017 How do you guys like to sitelock your projects? Link to comment Share on other sites More sharing options...
snowbillr Posted April 13, 2017 Share Posted April 13, 2017 Can you define "sitelock" for me? I'm not familiar with the term. Link to comment Share on other sites More sharing options...
symof Posted April 14, 2017 Share Posted April 14, 2017 I don't actually URL lock my projects as of yet. But this is how I would do it if(document.URL.indexOf("domain.tld") != -1) { //found } else { //nope } I wrote this handy fiddle for a more in-depth example: https://jsfiddle.net/Lnbos3ns/ Link to comment Share on other sites More sharing options...
snowbillr Posted April 14, 2017 Share Posted April 14, 2017 Ah, so by "sitelock" and "url lock" do we mean making sure your game can't be embedded on other websites except your own? Interesting. Unfortunately, symof's method isn't very secure. If a URL had 'domain.tld' anywhere in it (as a query parameter for example) then the code lock would fail. Plus, it wouldn't be too difficult to edit your script to remove that line and make the game work, even if the code is minified. The only solution I can think of off the top of my head is to have the server come up with a random token it sets as a cookie in the browser on page load. Then, when the page requests the assets and JavaScript files for the game from your server, the cookie would be sent along with the requests and the server would verify that its the correct value for the token and serve back the requested files. If the cookie was missing or was a bad value, it would not serve the files and the game wouldn't get loaded on the client. Link to comment Share on other sites More sharing options...
symof Posted April 14, 2017 Share Posted April 14, 2017 I wrote it so it's simple to see the process. There is no reason "domain.tld" can't be a variable that you generate on the way by doing string operations. The end goal would be to have a variable that contains the name of the url. So you can do: https://jsfiddle.net/Lnbos3ns/1/ Be Creative! Link to comment Share on other sites More sharing options...
snowbillr Posted April 14, 2017 Share Posted April 14, 2017 It's good to have an example like that to show the concept of verifying something unique to the site to make sure the code is running on the right page. Still though, it doesn't matter how the value is checked (string or variable or whatever) if it all happens on the client side. If someone is intent on running your code on their own site, nothing will stop them from downloading the JavaScript/images/html from your website and editing the code to make it run on theirs. For this example, that means changing whatever client side value is checked. The only way to make sure that can't happen is to do the verification server side. That's something that someone can't copy just by downloading your JavaScript files. Its a more complex solution, but will secure your content by tying it to the response from your server. Link to comment Share on other sites More sharing options...
Recommended Posts