
It is pretty handy.

I work on some SPAs and some server side rendered systems.

It's so nice to fire up the network tab and see some of the requests right away to troubleshoot.

Server side rendered stuff, not so easy. Not impossible and you can always add some debugging, but the nature of SPAs to just call all the things that are easily seen, very nice. And I can use that elsewhere.



Including the people like myself doing security checks as part of SecDevOps workflows.

99% of the time, not great, everyone codes their connection points as if their beloved JavaScript function is the only caller.


What is the recommended way to not code like this?

I always take care to not trust raw user input, and add rate limiting and request size limits. I'm sure there is more I can be doing, but this is not my area of expertise.


- Never trust any kind of input without validation.

- Assume that the caller might not be a browser, so don't assume anything regarding workflows between calls.

- Keep up to date with OWASP, https://owasp.org/
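To make the two points above concrete, here is an added example (not code from anyone in this thread): a Node.js order endpoint written first the way the complaint above describes, trusting that the SPA's JavaScript is the only caller and has already done the checks, and then hardened so that every field is validated against an allow-list and the "has the user paid?" question is answered from server-side session state rather than from a flag in the request body. The function names, the catalogue, and the session store contents are all constructed for the example.

```javascript
// Added example, not from the thread. placeOrderTrusting / placeOrderHardened,
// CATALOGUE and the sessions map are hypothetical names and constructed data.

// Server-side catalogue: the only source of truth for prices and limits.
const CATALOGUE = new Map([
  ["sku-100", { price: 1999, maxPerOrder: 5 }],
  ["sku-200", { price: 499, maxPerOrder: 10 }],
]);

// Constructed server-side session state: what the server itself recorded
// earlier in the flow (e.g. after the payment provider's callback), so it
// cannot be forged by whoever calls the endpoint.
const sessions = new Map([
  ["sess-paid", { paymentVerified: true, cartTotal: 1999 }],
  ["sess-unpaid", { paymentVerified: false, cartTotal: 1999 }],
]);

// Vulnerable: written as if the SPA's JS function were the only caller.
// Anyone with curl can send {"paid": true} and skip the payment step, and
// sku/qty/total are passed straight through without validation.
function placeOrderTrusting(sessionId, body) {
  if (!body.paid) return { status: 402, error: "payment required" };
  return { status: 201, order: { sku: body.sku, qty: body.qty, total: body.total } };
}

// Hardened: bound the request, validate every field against an allow-list,
// and derive workflow state from what the server recorded, not from the body.
function placeOrderHardened(sessionId, rawBody) {
  const MAX_BODY_BYTES = 1024; // request size limit, enforced before parsing
  if (typeof rawBody !== "string" || Buffer.byteLength(rawBody, "utf8") > MAX_BODY_BYTES) {
    return { status: 413, error: "body too large or not a string" };
  }

  let body;
  try {
    body = JSON.parse(rawBody);
  } catch {
    return { status: 400, error: "invalid JSON" };
  }
  if (body === null || typeof body !== "object" || Array.isArray(body)) {
    return { status: 400, error: "body must be a JSON object" };
  }

  // Allow-list the fields: anything extra (e.g. a client-supplied "paid" or
  // "total") is rejected rather than silently honoured.
  const allowed = new Set(["sku", "qty"]);
  for (const key of Object.keys(body)) {
    if (!allowed.has(key)) return { status: 400, error: `unexpected field: ${key}` };
  }

  const item = CATALOGUE.get(body.sku);
  if (!item) return { status: 400, error: "unknown sku" };
  if (!Number.isInteger(body.qty) || body.qty < 1 || body.qty > item.maxPerOrder) {
    return { status: 400, error: "qty out of range" };
  }

  // Workflow state comes from the server's own records, never from the caller.
  const session = sessions.get(sessionId);
  if (!session) return { status: 401, error: "no session" };
  if (!session.paymentVerified) return { status: 402, error: "payment not verified" };

  // Recompute the total from the catalogue and cross-check it against what
  // was actually charged for this session.
  const total = item.price * body.qty;
  if (total !== session.cartTotal) return { status: 409, error: "order does not match payment" };

  return { status: 201, order: { sku: body.sku, qty: body.qty, total } };
}

// Usage: the trusting version accepts a forged "paid" flag on an unpaid
// session; the hardened version refuses it and only accepts the paid session.
console.log(placeOrderTrusting("sess-unpaid", { paid: true, sku: "sku-100", qty: 1, total: 1 }));
console.log(placeOrderHardened("sess-unpaid", JSON.stringify({ sku: "sku-100", qty: 1 })));
console.log(placeOrderHardened("sess-paid", JSON.stringify({ sku: "sku-100", qty: 1 })));
```

The shape to copy is the ordering: size limit, parse, allow-list, per-field validation, then server-side state, with every client-supplied number recomputed rather than trusted. Rate limiting, which the question also mentions, would sit in front of this as a separate layer.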



