Friday 2 June 2017

How to implement CAS authentication for REST API built on Express

This is kind of an open-ended question, so I apologize. I'll do my best to keep it specific.

I have a REST API built on Express (using Sails.js actually). On the front end, I have an Angular2 app that is served up by a very lightweight Express app. The front end makes HTTP calls to the back end (API).

No one should be able to access the front end or back end without authenticating through CAS. I implemented CAS authentication on the front end using the cas-authentication module - no problem. But, the API is still not protected.

I'm trying to figure out how to protect the back end. I have implemented CORS protection that will only allow requests from a whitelisted domain. But, this doesn't seem adequate.

I'm assuming that I will need to send an authentication token along with each REST request to the backend. I just don't know how to get that token.

Any nudge in the right direction would be appreciated.



via Faris
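One possible shape for the token check the question asks about, as an added example that is not part of the original post: CORS is enforced by browsers, so a non-browser client is not bound by the whitelist and the API has to verify something on every request. The sketch assumes the front-end server (which already knows the CAS user) and the API share a secret; `issueToken`, `verifyToken`, `requireApiToken`, the token format and the sample values are all hypothetical.

```javascript
// Added example: HMAC-signed, short-lived API token (constructed scheme, not from the post).
const nodeCrypto = require("crypto");

const b64u = (buf) => Buffer.from(buf).toString("base64url");

// Front-end server side: call after CAS login has established the user name.
function issueToken(user, secret, ttlSeconds, nowMs = Date.now()) {
  const payload = b64u(JSON.stringify({ sub: user, exp: Math.floor(nowMs / 1000) + ttlSeconds }));
  const sig = b64u(nodeCrypto.createHmac("sha256", secret).update(payload).digest());
  return `${payload}.${sig}`;
}

// API side: returns the user name, or null if the token is malformed, forged or expired.
function verifyToken(token, secret, nowMs = Date.now()) {
  const parts = String(token || "").split(".");
  if (parts.length !== 2) return null;
  const [payload, sig] = parts;
  const expected = nodeCrypto.createHmac("sha256", secret).update(payload).digest();
  const given = Buffer.from(sig, "base64url");
  // timingSafeEqual throws on length mismatch, so compare lengths first.
  if (given.length !== expected.length || !nodeCrypto.timingSafeEqual(given, expected)) return null;
  let claims;
  try { claims = JSON.parse(Buffer.from(payload, "base64url").toString("utf8")); } catch { return null; }
  if (typeof claims.sub !== "string" || typeof claims.exp !== "number") return null;
  return claims.exp * 1000 > nowMs ? claims.sub : null;
}

// Express-style middleware: rejects any request without a valid Bearer token.
function requireApiToken(secret) {
  return (req, res, next) => {
    const m = /^Bearer (.+)$/.exec(req.headers.authorization || "");
    const user = m ? verifyToken(m[1], secret) : null;
    if (!user) return res.status(401).json({ error: "unauthenticated" });
    req.user = user;
    next();
  };
}

// Constructed requests: the first carries no token (as a non-browser client could), the second does.
function demo(secret = "constructed-demo-secret") {
  const run = (headers) => {
    let status = 200;
    const res = { status: (c) => { status = c; return res; }, json: () => res };
    requireApiToken(secret)({ headers }, res, () => {});
    return status;
  };
  return [run({}), run({ authorization: "Bearer " + issueToken("alice", secret, 300) })];
}
```

The shared secret belongs in server-side configuration on both apps, never in the Angular bundle; the browser only ever holds the issued token.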
