Categories:

Restricting access of JavaScript libraries to designated domains

JavaScript libraries allow us to separate script from page, so multiple pages can all utilize the same script simply by linking to it:

<script src="greatscript.js" type="text/javascript"></script>

Just to refresh our memories, "myscript.js" should contain the script itself minus the surrounding <script></script> tags, and saved as a text file (but with .js extension).

Now, the nature of JS libraries means that they're not only accessible by your site/domain, but anyone's. Like an image, a library could potentially be utilized by any site that decides they like your script but not the bandwidth associated with it. Specifically, they would simply use a syntax like the following on their page:

<script src="http://www.yourdomain.com/greatscript.js" type="text/javascript"></script>

This can become a headache, especially if the library is very large.

So, is there a way to limit which domains can access your library? There better be, or this tutorial sure is going nowhere fast!  The following looks at two techniques for restricting access of a JavaScript library to only  "permitted domains."