[spring, vue, java, help]


You'll have a better experience reading in DEV

Click here to continue reading this post there >>

However, if you want to know more about the project to mirror my posts from DEV here (and why), go ahead and read more.

You can continue to read here too, it's up to you... =]


I have this app:

And I'm wondering how do I properly secure it? The app has:

  • Server-rendered pages with Thymeleaf.
  • An API providing data for the pages.

What's the proper way to secure and its underlying limitations considering this architecture?

Some questions that pop on my mind, to help you understand why I'm asking:

  • Can I go with Spring Security defaults (adding csrf token on my forms that POST/PUT with Vue.js)?
  • How do I integrate this with my DELETE via API, for example?
  • Should I disable csrf?
  • Does this architecture makes sense? What are the caveats?

...


Cover image from Christoph Scholz.