简体繁体中英

how securing a public nodejs api to only requests from the frontend

原文 2018-09-11 15:30:36 8 2 node.js

I have a node frontend express server and a node api express server.

How can I best ensure that only requests that are made to the api are made from the frontend express server?

There is no user authentication so the user will not be sending a jwt with each request.

2 answers

The easiest way would be to set the Content Security Policy using Helmet.js And you can easily add other security features using Helmet.

const helmet = require('helmet')

app.use(helmet.contentSecurityPolicy({
  directives: {
    defaultSrc: ["'self'"],
    // styleSrc probably not needed but you can set those too
    styleSrc: ["'self'", 'maxcdn.bootstrapcdn.com']
  }
}))

This effectively tells the browser “only load things that are from my own domain”

https://helmetjs.github.io/docs/csp/

https://github.com/helmetjs/helmet

in my opinions, you should

configure the firewall of api server to accept only ip address of the frontend express server with only port 443 also.
please add basic authentication to the header in every APIs, then the front-end must attach some username/password or secret to the header of all APIs calls.
in your server APIs, please include your security library, eg, helmet.js also. it can help you secure your APIs server.

Securing Nodejs express API

How to return data from an api consumed by nodejs to the frontend?

Nodejs recieving multiple requests from my ajax frontend

Nodejs - how can I save a file object sent from frontend to the public folder without using middleware like multer?

How to redirect from backend (nodejs) to frontend (react)?

Having a public API but only allowing access to requests sent from my website

How to send data from the frontend with Vue to backend with nodeJs for the update functionality in CRUD using axios API?

How to send data received from external graphql api with nodejs to frontend (reactjs)

Securing a nodejs / sailsjs API with OAuth2

Securing NodeJS RESTful API and React client app

暂无

暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Securing Nodejs express API How to return data from an api consumed by nodejs to the frontend? Nodejs recieving multiple requests from my ajax frontend Nodejs - how can I save a file object sent from frontend to the public folder without using middleware like multer? How to redirect from backend (nodejs) to frontend (react)? Having a public API but only allowing access to requests sent from my website How to send data from the frontend with Vue to backend with nodeJs for the update functionality in CRUD using axios API? How to send data received from external graphql api with nodejs to frontend (reactjs) Securing a nodejs / sailsjs API with OAuth2 Securing NodeJS RESTful API and React client app

Related Tags

粤ICP备18138465号 © 2020-2024 STACKOOM.COM