
Is it possible to secure a Single Page Application (SPA) served from a CDN that communicates with a REST API, assuming the following:

  • The front end communicates with a backend REST API using a token once the user has been authenticated
  • The front end is only served via CDN with a wildcard HTTPS cert

How do you avoid CSRF?

Glenn Morton
  • `wildcard HTTPS cert` you need to elaborate more on that. How the wildcard cert is defined and how you load the resources matters a lot on whether or not data loaded from the CDN is secure. – Lie Ryan Sep 21 '14 at 15:33
  • Many SPAs are shifting towards "[isomorphic](http://nerds.airbnb.com/isomorphic-javascript-future-web-apps/)" architecture where you serve only static files from CDN (images, .js, fonts etc.) but HTML pages are generated on the server (could be the same domain, where API endpoint is located). – Konstantin Tarkus Sep 22 '14 at 09:51

0 Answers