HTTPS website+API, confusion about best practices?

HTTPS website+API, confusion about best practices?
2 by epimetheus2 | 3 comments on Hacker News.
Let's say we have a site www.coolstore.com that accesses api.coolstore.com What is the best practice and possible attack vectors when not sticking to them? It seems that www.coolstore.com should be under https://ift.tt/3rgqIJ2. What about assets? Let's say we force a redirect to https:// on the site itself, but not on assets. e.g. you copy the request and change it to http you can access some javascript files. Would that be a problem? How about API ? Is it neccesary that also api.coolstore.com requires https, even though it's only used by the website? Should it have http:// completely turned off? Is there some manual of best practices with deploying react site + api ?

Comments

Post a Comment

Popular posts from this blog

Lord of the Rings Influenced a Cyberpunk 2077: Phantom Liberty Quest

Spoiler Warning: This article features minor spoilers of an enemy which appears in a late game mission of Cyberpunk 2077's Phantom Liberty expansion. Beloved fantasy epic The Lord of the Rings may not be an obvious inspiration for dystopian role-playing game Cyberpunk 2077 , but it influenced developer CD Projekt Red regardless. Speaking to IGN at GDC 2024, associate game director Paweł Sasko further explained CD Projekt Red's philosophy of designing specific quests with certain genres or themes in mind. It has used this concept on a grander scale previously, like imagining The Witcher 3: Wild Hunt as a horror game to create the Hearts of Stone expansion, or seeing Cyberpunk 2077 in the espionage genre to create the Phantom Liberty expansion as a whole. It was in this chunk of new story content that CD Projekt Red implemented this philosophy on a more intricate level, however, and it pulled from myriad popular works to do so, including The Lord of the Rings. Sasko refer...
Read more

Lord of the Rings Fans Mourn King Théoden Actor Bernard Hill, Dead at 79

Bernard Hill, who found fame as King Théoden in Peter Jackson's Lord of the Rings trilogy and as Captain Smith in Titanic, has died. He was 79. Hill died early Sunday morning, his agent told the BBC . His representative did not share the cause of death. A long-time Hollywood veteran, Hill's most recent role was in BAFTA-winning drama The Reponder alongside Martin Freeman. Over the years he's appeared in a variety of movies including Gandhi and The Scorpion King, as well as Fable III. Bernard Hill, best known for his work as Théoden in The Lord of the Rings trilogy and Captain Smith in Titanic, has died at age 79. pic.twitter.com/xtLehexg2Z — IGN (@IGN) May 5, 2024 But he remains best-known for his memorable turn as King Théoden in Two Towers and Return of the King. The role forever associated him with Lord of the Rings, though he admitted that he was "not interested" in Rings of Power , calling it a "money-making venture." Fans paid to tribute t...
Read more

Redfall's Final Update Is Live, Bringing With It Offline Mode, DLSS 3, and More

Redfall's final update, which was announced following Microsoft's closure of developer Arkane Austin, is here, adding a myriad of quality-of-life overhauls to the game, such as an offline mode, DLSS3, and single-player pausing. The details of Redfall Game Update 4 were unveiled in a Bethesda blog post today, including a ranking system called Community Standing, which is among the new features in the game’s Neighborhood system. Community Standing, as the blog post describes, is a rank-based reputation that rewards players with unique permanent buffs upon completing a Safehouse mission, rescuing civilians, and defeating an Underboss. Offline mode, meanwhile, has long been one of the most-requested Redfall features , with it finally arriving in its final update. "You will also be able to continue playing if you’re disconnected from the Internet in the middle of a solo session. When playing in co-op, the host will be dropped into a solo offline session," the blog ...
Read more