Questions tagged [react]
React is a JavaScript library for building user interfaces.
30 questions
0
votes
1
answer
107
views
Running an unknown nodeJS/react app
I made a mistake - I was reached out to for work regarding a project. Accidentally built it and ran it locally and it was obviously a bunch of nonsense code designed to look like a normal react project ...
0
votes
1
answer
1k
views
Best practises regarding authentication in SPA/API solutions with SSO
There is really not that great information on what the best practices are for auth in SPA/API solutions. Most of them just say use JWTs and auth code flow in the SPA. There is a ton of information ...
1
vote
2
answers
752
views
React chars to HTML encode?
I've observed that React can HTML encode specific characters to prevent XSS vulnerabilities in certain contexts. For instance, consider the following code in App.jsx:
function App() {
const ...
2
votes
2
answers
1k
views
Where or how to persist a decryption key in a React app?
I'm making a web application on the MERN stack which stores sensitive user data, in the form of a big block of text.
The encryption method I am using is that when a user registers, a random key is ...
0
votes
1
answer
241
views
Business logic bypass issue
Good day, we deployed our app that has payment on it with a wallet system. We tried as much as possible to follow every security rule from server to code design. But yesterday we experienced a bridge ...
1
vote
2
answers
1k
views
Is my understanding of CSRF, SOP and CORS correct (Express / React)?
I am a hobby developer and am developing an application with a Node JS / Express backend and a React frontend.
I am currently learning about Cross Site Request Forgery (CSRF), and I want to make sure ...
1
vote
1
answer
3k
views
Using `react-oidc-context` and storing the `access_token` and `refresh_token` together
I am looking for a "best practises" approach for creating SPAs protected using OIDC + PKCE.
Most of our applications are hosted on two independent web servers with a load balancer routing ...
0
votes
0
answers
5k
views
Where to store token from auth header in React
I am currently working on a medium scale app and am a month into learning React. I got to the part where I need to authenticate users. I have written some code and it is working, but I don't know is ...
-1
votes
1
answer
181
views
How to fully secure web/mobile/desktop application connected to the same backend server [closed]
I have a React/Express application, I want to fully secure it. I'm looking for best practices for these features:
data encryption/decryption
end-to-end communication
access control
role management
...
1
vote
1
answer
161
views
Can an attacker mess with a website that doesn't use a back-end server? (and how I can prevent that)
I'm developing a React web app where the user can input a .csv of their transaction data, and the app will output useful analysis that will inform their future purchase decisions.
I'm planning to use ...
0
votes
1
answer
1k
views
How do I properly secure my login using bcrypt in react and a python-flask backend?
I want to store the passwords of accounts hashed into a database that can be accessed through a python-flask application. When you would login, this python application is supposed to provide you with ...
1
vote
2
answers
296
views
How to protect client server app if both: client and server - located on client side?
Frontend communicates to backend.
I am a developer of frontend and backend.
I want to protect my app (prohibit end user from using my app without paying).
The only thing I have in mind is to have some ...
0
votes
2
answers
1k
views
API key safety in front end app running in localhost
I have been working on a front end (React) app that sends REST requests to an API end point. I am aware that sensitive items such as API keys should not be stored in front end frameworks (like React, ...
3
votes
3
answers
2k
views
Securing client side code of react application [duplicate]
I'm developing an application with React and all the main logic is on the client side. I want to force users to use the application only if they paid for the app subscription.
Are there any methods to ...
0
votes
2
answers
1k
views
How do I protect a Laravel backend API from hijacking/CSRF when there is a React frontend?
I'm finding it really hard to find a solution to make secure requests via our API without a potential hacker being able to see sensitive secret information via Google Chrome dev tools (or any browser'...