Questions tagged [single-page-app]

A single page app (SPA) is a web application using only one HTML page. JavaScript is commonly used to modify the single page, and AJAX to fetch data from the server.

71 questions
2 votes, 3 answers

Securing internal REST service call via JavaScript

I have a public Single Page Application (SPA) that is calling my backend REST service via JavaScript. How can I secure the REST service so that it will only accept calls from my SPA and no other clients or users? Basically, my SPA should be the only…
kimsagro
2 votes, 0 answers

Auth0 token exchange vs Google Firebase token exchange

I'm researching our options for securing access to a single-page web app and a mobile app. The apps communicate with a REST API which, based on the authenticated user's identity, will return potentially sensitive information. The apps can be…
2 votes, 1 answer

Implicit flow login from SPA

Looking at the implicit flow to login with https://github.com/IdentityModel/oidc-client-js and https://github.com/IdentityServer/IdentityServer4.Samples/tree/release/Quickstarts/7_JavaScriptClient . The process begins with forwarding to a server…
2 votes, 0 answers

Protecting frontend code for SPA + RESTful API with OIDC

I've got an Angular 1 SPA with a RESTful API that I'd like to restrict access to. As I understand, typically the OIDC Implicit flow is designed just for this. However, I consider the frontend SPA code sensitive as well and would like to restrict…
2 votes, 1 answer

Evaluating spam score for a single page application

I am developing a single page application with a behaviour similar to Google Maps and I want to avoid spam as much as possible. Users can register on my website to get access to an API KEY. Then, on their website, they can implement this single page…
Gary Olsson
2 votes, 1 answer

Is a SPA vulnerable to the BREACH HTTPS security exploit?

I have a Single Page Application (SPA) that consists of static resources (HTML, JS, CSS, images, fonts ...) that are served from an Apache web server and several API endpoints (serving JSON from a JBoss Backend, proxied through the same Apache that…
jbandi
2 votes, 4 answers

Encrypting the API response in a single page app

I am building a single-page (React-Redux on FE, Rails-API BE) application which makes a bunch of REST API calls to get certain information for logged-in users. Some subset of that information (categorization database) is more confidential than other…
geoboy
2 votes, 1 answer

Securing a JavaScript Single Page App with SAML

I would like to secure a JavaScript Single Page App with SAML. My server is powered using Node.js and serves a RESTful API. What are my options? Details: I have worked with OAuth2 in the past, but I am not familiar with SAML concepts. With OAuth2,…
Naresh
2 votes, 1 answer

Single Page Application session management

I have a Single Page Application which is fully HTML+JS+CSS (using frameworks such as jQuery and AngularJS) and a server side API using ASP.NET WebApi. The SPA is served in a server similar to a CDN and also packaged using Cordova for use in…
Albert
1 vote, 0 answers

Secure Single Page Application (SPA) served from a CDN

Is it possible to secure a Single Page Application (SPA) served from a CDN that communicates with a REST API, assuming the following: The front end communicates with a backend REST API using a token once the user has been authenticated. The front…
Glenn Morton
1 vote, 1 answer

Security with Single Page application

I am creating an SPA application using Angular. This will serve my two purposes, as a middle layer for mobile as well as the website. Now I am trying to secure my application from XSS and CSRF, and I also want a secure authentication mechanism. My services will be RESTful…
Dhiren Patel
1 vote, 1 answer

Securing single page application

I developed a web application in single-page application (SPA) architecture using Ext JS as the client interface, but I have trouble defining the right way of securing it with AJAX queries. How could I do that?
Skynet
1 vote, 0 answers

Implement an SPA with IFrames, but with Single Sign-on

I want to build an SPA with ASP.NET Core (Blazor server side) with some IFrames redirecting to other applications. In this example I have, e.g., the SPA, Grafana to show graphs and Node-RED, but there could be more in the future. To create a simple…
1 vote, 0 answers

SPA OAuth2 and Backchannel (Client)

I am having problems defining the flow of an application that is supposed to be authenticated / authorized securely with an SPA frontend. Currently using an SPA with a Spring application server as a backchannel / client for OAuth2. The Spring…
1 vote, 1 answer

Is OAuth 1 less secure than OAuth 2 in an SPA

We are writing a pure JavaScript front-end (in Angular) for an API that still uses OAuth 1 for legacy reasons. Being pure JavaScript means the consumer secret is part of the code that gets downloaded at the start, before authentication, and…
Jan Hudec