Securing the REST API

I am trying to use Play 2.x with backbone.js for a project. My intention is to create RESTful APIs on the server (all response bodies are in JSON, and all request bodies are also in JSON).

I would like to use Facebook OAuth (server side) to authenticate my requests. For this, I use play-authorize for OAuth. The problem I am facing is that the user session information is stored in the Session object in Play. I really don't want to use Play templates in my HTML code, so how can I use a client-side session object without Play templates?

Also, what measures can I use to prevent CSRF / XSS attacks when using Play?

1 answer

I may not understand your question, but remember that Play is stateless. This means that the "Session" is stored in a cookie, which is sent to the server. You can store string values in this cookie and access them from the browser.

Now, you do not want to store critical values there, but the server-side code recognizes them, and that should let you solve your problem.

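The point of the answer is that a Play session cookie is readable by anyone holding it, while the server only trusts values whose signature checks out. The following added example (not code from the original thread or from the Play project) models that with a constructed secret and a constructed cookie, assuming the legacy Play 2.0-2.5 layout of an HMAC-SHA1 hex signature, a dash, and URL-encoded `key=value` pairs joined by `&`.

```python
import hashlib
import hmac
from typing import Dict, Optional
from urllib.parse import quote, unquote


def _sign(message: str, secret: str) -> str:
    # HMAC-SHA1 over the payload, hex encoded (assumed legacy Play Crypto.sign behaviour)
    return hmac.new(secret.encode("utf-8"), message.encode("utf-8"), hashlib.sha1).hexdigest()


def encode_session(values: Dict[str, str], secret: str) -> str:
    # Server side: serialise the session map and prepend its signature
    data = "&".join(f"{k}={quote(v, safe='')}" for k, v in values.items())
    return f"{_sign(data, secret)}-{data}"


def read_session_unverified(cookie: str) -> Dict[str, str]:
    # Anything holding the cookie (browser JS, a proxy, a log) can read the values
    # without the secret: the cookie gives integrity, not confidentiality.
    _, _, data = cookie.partition("-")
    pairs = (p.partition("=") for p in data.split("&") if p)
    return {k: unquote(v) for k, _, v in pairs}


def decode_session(cookie: str, secret: str) -> Optional[Dict[str, str]]:
    # Server side: only accept values whose signature matches the app secret
    sig, _, data = cookie.partition("-")
    if not hmac.compare_digest(sig, _sign(data, secret)):
        return None  # tampered, or signed with a different secret: reject
    return read_session_unverified(cookie)


# Constructed sample: a fake app secret and a session holding only a user id and role
APP_SECRET = "example-app-secret-not-real"
SAMPLE_COOKIE = encode_session({"fbUserId": "100004", "role": "user"}, APP_SECRET)

if __name__ == "__main__":
    print("client can read:", read_session_unverified(SAMPLE_COOKIE))
    print("server accepts:", decode_session(SAMPLE_COOKIE, APP_SECRET))
    print("edited copy accepted:", decode_session(SAMPLE_COOKIE.replace("role=user", "role=admin"), APP_SECRET))
```

Because the values are readable client side, keep tokens such as the Facebook access token out of the session and store them server side keyed by the user id instead.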

Source: https://habr.com/ru/post/1440410/
