Learn More
Resend Email
3
nikolatesla
7y

Securing my single-page-app. Fuck it. Fucking how? Fuck.

undefined

cookies

session. i dont understand

no refresh

browser

csrf

express

node

csurf

fuck

react
Favorite
Ranter
Comments
  • 1
    7y
    Use APIs with JWT
  • 0
    7y
    @code-god thanks. a hacker inserted thousands of documents into my database. that freaked me out.
  • 0
    7y
    @nikolatesla I would use cloud functions to verify the data before inserting into my database.
  • 0
    7y
    Yes, use jwt - most frameworks has plugins for it, and (mostly) easy on the backend as well, depending on your stack.
  • 1
    7y
    Sure, JWTs are great, and fairly simple, but make sure you know what you're doing first, as if you don't you can easily shoot yourself in the foot. Don't worry, the theory behind it is really easy to grasp.
  • 2
    7y
    Yeah, what @Tribex said cant be stressed enough - jwt's can be faked easily, so make sure they are validated serverside. :)
  • 3
    7y
    Always validate server side. Never ever trust user input, especially not when you have some (rest) api on back end.
Related Rants
devRant © 2021 Hexical Labs LLC
Privacy Policy  |  Terms of Service
Add Comment