Forum Discussion
PaoloT
10 years agoLithium Alumni (Retired)
Hi Gursimrat
ultimately if you make an AJAX call to any HTTP endpoint from the browser, it means that the endpoint itself must be accessible to the browser by definition. What the browser in question "can / cannot see" depends on who is using that browser, so ultimately I think the best way to secure it is to verify that the user accessing the Studio Endpoint has the right level of access for seeing the content provided by the endpoint.
In the endpoint you can use freemarker code to verify for example whether the user is registered or anonymous, or whether the user in question has a certain role etc... Would this give you enough power to control the access to your endpoint?
Cheers,