|
…
|
||
|---|---|---|
| .. | ||
| auth | ||
| handleDevTools.go | ||
| handleDevTools.mock.go | ||
| handleFrontend.go | ||
| handleFrontend.mock.go | ||
| main.go | ||
| README.md | ||
Server
SSL/TLS
You can generate a self-signed certificate for testing like this:
openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout keyFile.key -out certFile.crt
Or obtain a signed certificate from let's encrypt.
CSRF
CSRF should not be possible because we check for the Authorization http header
(instead of cookies) when accessing protected recourses.
Because of this, CRIME/BREACH http attacks should also be not possible.
XSS
We rely on Vue.js's ability to escape user-input in templates.