.. | ||
auth | ||
handleDevTools.go | ||
handleDevTools.mock.go | ||
handleFrontend.go | ||
handleFrontend.mock.go | ||
main.go | ||
README.md |
Server
SSL/TLS
You can generate a self-signed certificate for testing like this:
openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout keyFile.key -out certFile.crt
Or obtain a signed certificate from let's encrypt.
CSRF
CSRF should not be possible because we check for the Authorization
http header
(instead of cookies) when accessing protected recourses.
Because of this, CRIME/BREACH http attacks should also be not possible.
XSS
We rely on Vue.js's ability to escape user-input in templates.