Hi, I am relatively new to this. Any kind of help is appreciated.
I have two pythonanywhere(PA) accounts say PA1 and PA2. PA1 account has an app that is embedded into the app within PA2 using iframes. The PA1 app should be only available for people who have logged into it. However, the logged in users can check the developer tools and find out the iframe url. So currently if anyone has access to the url for PA1 app, it becomes public and the login path becomes useless. So I tried adding a route like this.
from flask import abort, request
@app.before_request def limit_remote_addr():
if request.remote_addr != '10.20.30.40':
abort(403) # Forbidden
But, pythonanywhere always displays the remote_addr to be same and I am not able to get it to work.
I also tried request.headers['X-Real-IP'].
Please help.