
[–][deleted] 2 insightful - 2 fun (2 children)

You will probably want to set some CORS flags to set which methods and headers are allowed. There are many situations in which you might want to restrict the requests to GET or POST.

[–]chickenz[S] 2 insightful - 1 fun (1 child)

My code does that just fine.

When I read the http request, I only respond to GET or POST requests.

If the request is a POST request, I will look for a "Content-Length:" http request field, which will contain an integer value which can be used to verify that I have actually received the correct number of POST data characters.

And, I might want to keep track of cookies.

[–][deleted] 3 insightful - 2 fun (0 children)

Sounds like you already have the CORS handled then.

For cookies you wanna set the 'secure' and 'http-only' flags. You also want to use a key to cryptographically sign any of the cookies so you know you attached them and not an attacker. HMAC is considered the best-practice protocol for key generation.
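A worked example of the signed-cookie scheme discussed in this thread, added here as illustration and not code from either commenter: the server HMACs the cookie body with a secret key, verifies the tag in constant time before trusting the value, and emits a Set-Cookie line carrying the Secure and HttpOnly flags. The key, cookie name and values are constructed placeholders.

```python
import base64
import hashlib
import hmac

# Constructed placeholder key for this example only; a real server loads
# a random key from configuration, never from source code.
SECRET_KEY = b"example-key-do-not-use-in-production"


def _b64(data: bytes) -> str:
    """URL-safe base64 without padding, so the value is safe inside a cookie."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def sign_cookie_value(value: str, key: bytes = SECRET_KEY) -> str:
    """Return '<body>.<tag>' where tag = HMAC-SHA256(key, body)."""
    body = value.encode("utf-8")
    tag = hmac.new(key, body, hashlib.sha256).digest()
    return f"{_b64(body)}.{_b64(tag)}"


def verify_cookie_value(signed: str, key: bytes = SECRET_KEY):
    """Return the original value if the tag verifies, otherwise None.

    Anything malformed (missing separator, bad base64) is treated the same
    as a forged tag: the cookie is simply not trusted.
    """
    try:
        body_b64, tag_b64 = signed.rsplit(".", 1)
        body, tag = _unb64(body_b64), _unb64(tag_b64)
    except ValueError:
        return None
    expected = hmac.new(key, body, hashlib.sha256).digest()
    # compare_digest runs in constant time, so a byte-by-byte timing
    # difference does not leak how much of a guessed tag was correct.
    if not hmac.compare_digest(tag, expected):
        return None
    return body.decode("utf-8")


def set_cookie_header(name: str, value: str, key: bytes = SECRET_KEY) -> str:
    """Build the Set-Cookie header line with the flags recommended above."""
    return (f"Set-Cookie: {name}={sign_cookie_value(value, key)}; "
            "Secure; HttpOnly; SameSite=Lax; Path=/")
```

Secure keeps the cookie off plain HTTP and HttpOnly keeps it away from page scripts; the HMAC tag is what stops a client from editing the body and sending it back.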