is it required to secure my rest api with server side rendering in vue or react?
Question
如果我的rest api在vue或react(NUXT,NEXT)的SSR的同一台机器上运行,我还需要保护我的api吗?
2 answers
solution1
2 2018-11-05 14:56:29
Yes, you still have to secure your API.
Your server delivers the server side rendered app and JavaScript. The JavaScript gets executed by a random client (the user's browser).
That client is not your server any more and can be any machine, including an attacker's self made malicious client, who can manipulate the requests.
If you do some critical data changes or deliver private data, you still have to implement some sort of authentication and authorization. In what form depends on your application.
solution2
-1 2018-11-05 14:55:31
No, you don't have to, as long as you don't render any credentials or store them in a variable that's not supposed to be accessible from the browser.
SSR is like any other HTML page, that's rendered in the server as HTML and sent to the user's browser as HTTP response.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.