Does a hosted 3rd party JavaScript widget I host on my website give my API acces
-
For visitors on my site to be able to use a 3rd party chat widget or be identified by Google Analytics, they must have access to whatever credentials are needed to call those 3rd party APIs from their front end. Does that mean they can easily grab those and programmatically send any requests to those services on my behalf?
Can those services use the domain the HTTP request originated from as a security measure? If I specify that the widget would be hosted on mywebsite.com, isn’t it that anyone can fake an HTTP request that looks like it came from that origin?
Finally, is there any reliable security measure for such a scenario or do frontend-only widgets inherently give anyone access to the resource they use?
-
Hello, I’m sorry to hear that you are having trouble with your website. However, your site is not hosted with WordPress.com. It is a site using the open-source WordPress software (from WordPress.org) but hosted elsewhere.
Because WordPress.com and WordPress.org are two entirely separate entities, we cannot access files or data for sites that are hosted elsewhere, so WordPress.com staff can only assist with sites that are hosted on our servers. You can find more information here about the differences between WordPress.org software and WordPress.com: https://wordpress.com/support/com-vs-org/
https://wordpress.org/support/ is a great resource for sites using the open source WordPress.org software, and you can find support for that at: https://wordpress.org/support/forums/
Your hosting provider’s support team may also be able to assist.
- The topic ‘Does a hosted 3rd party JavaScript widget I host on my website give my API acces’ is closed to new replies.
WordPress.com Forums 