Posts Tagged: http

JSON Web Tokens: Downsides, Best Practices and Secure and Robust Alternatives

JSON Web Tokens (JWTs) are nowadays commonly used for transmitting authentication data in web applications, especially those exhibiting the widespread client-server architecture where you have a fat client / single-page application written in JavaScript as a front-end and a back-end server providing REST endpoints for use by that front-end client. However, while common, there are good arguments against this practice. In a nutshell, JWTs are often used for storing session data such as user authorization and authentication information although they aren't particularly well-suited to ... Read more

HTTP and REST Standards, Protocols and Headers for More Secure and More Robust Applications

Standards.REST is a website that helps you create better, more robust HTTP- and REST-based applications by providing an overview of existing, proven standards that allow you to build on existing solutions rather than re-invent the wheel yourself. The list of standards mentioned includes OAuth 2.0, the HTTP Caching standard and Application-Level Profile Semantics (ALPS), which - among others - is used extensively in Spring Data REST and Spring HATEOAS. On a closely related note, Stefan Judis published an article on HTTP headers ... Read more

Running A Local Angular Development Environment Behind A Spring Cloud Gateway Service

Having multiple microservices running behind a reverse proxy / API gateway in lieu of a single monolithic back-end application is a common pattern these days. With such an architecture it often comes in handy to have an Angular application that serves as a front-end for such a modularised back-end be served from behind a reverse proxy running locally as well, in order to treat it as if it were running on the same host and port as the back-end. Not only will ... Read more

Observatory by Mozilla: Security Checkup for Your Websites and Web Apps

Observatory by Mozilla is a security checkup tool for websites and web apps that both assesses your website in terms of HTTP security measures and best practices and also suggests approaches and techniques for further improving security. Observatory's goal is to provide developers with insights as to their applications' security standards as well as to educate developers about HTTP security options such as the Content Security Policy or HTTP Strict Transport Security headers and the respective standards and policies they implement. Observatory is ... Read more

Jeremy Keith About Resilience In Web Applications @ beyond tellerrand 2016

At this year's beyond tellerrand conference in Düsseldorf, web developer Jeremy Keith gave a talk on resilience in web applications. The World Wide Web - or the Internet for that matter - was designed from its inception as a resilient, fault-tolerant medium. This applies not just in a technical sense but in a social or even political way, too. As John Gilmore is famously quoted: "The Net interprets censorship as ... Read more