Check for domain name in redirection
We have a web application on a domain. Now another domain will use this application by doing a 301 redirection to the former domain. What are ways to safeguard the app so that no one can access it directly? A referrer check is one way, but it is not reliable.
You could require a key and a hash to be passed along to your webapp in the redirect. The redirecting app generates the key, hashes it with a shared secret, and then passes the key and the hashed value to your webapp. Your webapp hashes the key with the shared secret and if it's equal to the hashed value that was provided, access is allowed.
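One way to implement the key-and-hash check described in the answer above, as an added example that is not part of the original post. It assumes HMAC-SHA256 as the keyed hash and puts an issue timestamp inside the key so a captured link expires; the secret, the URL and the `key`/`sig` parameter names are hypothetical.

```python
import hashlib
import hmac
import secrets
import time
from typing import Optional
from urllib.parse import parse_qs, urlencode, urlsplit

# Assumption: both domains hold this secret out of band (placeholder value).
SHARED_SECRET = b"replace-with-a-long-random-secret"
MAX_AGE_SECONDS = 60  # assumption: how long a redirect link stays valid


def _sign(key: str) -> str:
    # HMAC instead of hash(secret + key), which is open to length extension.
    return hmac.new(SHARED_SECRET, key.encode(), hashlib.sha256).hexdigest()


def build_redirect_url(target: str, now: Optional[float] = None) -> str:
    """Redirecting domain: build the Location value for the redirect."""
    issued = int(time.time() if now is None else now)
    key = f"{issued}.{secrets.token_urlsafe(16)}"
    return f"{target}?{urlencode({'key': key, 'sig': _sign(key)})}"


def is_allowed(url: str, now: Optional[float] = None) -> bool:
    """Web app: allow access only if the key and its signature check out."""
    params = parse_qs(urlsplit(url).query)
    key = params.get("key", [""])[0]
    sig = params.get("sig", [""])[0]
    # Constant-time comparison so the check does not leak matching prefixes.
    if not hmac.compare_digest(_sign(key).encode(), sig.encode()):
        return False
    try:
        issued = int(key.split(".", 1)[0])
    except ValueError:
        return False
    current = time.time() if now is None else now
    return 0 <= current - issued <= MAX_AGE_SECONDS
```

A 301 response is cacheable by default, so a browser may replay a cached Location with an old key; a per-request value like this needs the redirect served with caching disabled.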