Restrict public data

System Information
  • Strapi Version: 3.6.8
  • Operating System: Ubuntu 20.04 Focal Fossa
  • Database: sqlLite
  • Node Version: 14.16
  • NPM Version: 8.x

Hello, I’ve got an API general question,

We got a front-end coded with NuxtJS linked to an API powered by Strapi.

We set some policies (isOwner for example) and some custom controllers / private attributes to restrict data access.

Currently, we can avoid CORS errors using nuxt/proxy, but this way, any users can access public data through

For example, if my front-end homepage displays blog-articles fetched publicly from Strapi, how can i restrict blog-articles fetching to my front-end site only?

Thanks in advance for help!