How to allow access to backend from only frontend delivered from asset canister

Dear fellow developers, and DFINITY.

I’m looking for a way to Identify a query call from the frontend or from somewhere else like dfx command.

At first, I was thinking of using Origin in the HttpRequest header, but I realised that it could easily be falsified.

I would be happy if you could discuss about this.


There is no guaranteed way to do that. The browser is an untrusted(?) client, and anything you do there can be done from different clients too. But if you do some quick-and-dirty tricks that mostly work by people being too lazy to look into the frontend code, then you’ll get probably 99% of the way there with very little effort