When adding authorization to my back end, I struggled with properly securing routes and ensuring that only authorized users could access certain endpoints. I had to carefully implement middleware to check user roles and permissions.
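One way the role and permission check described above can be written, as an added example that is not the author's code: an Express-style `(req, res, next)` middleware that denies a request unless the authenticated user's role carries every permission the route needs. It assumes an earlier authentication step has set `req.user`; the role-to-permission table and the fake response object are constructed so the example runs with plain Node.js and no Express dependency.

```javascript
// Constructed role-to-permission table for the example.
const ROLE_PERMISSIONS = {
  admin: new Set(['users:read', 'users:write', 'reports:read']),
  editor: new Set(['reports:read', 'reports:write']),
  viewer: new Set(['reports:read']),
};

// Build a middleware that lets the request through only if req.user (set by an
// assumed authentication middleware) holds every permission the route requires.
function requirePermissions(...required) {
  return function authorize(req, res, next) {
    const user = req.user;
    if (!user) {
      // No identity at all: 401 (authenticate), not 403 (forbidden).
      res.status(401).json({ error: 'authentication required' });
      return;
    }
    const granted = ROLE_PERMISSIONS[user.role] || new Set();
    const missing = required.filter((p) => !granted.has(p));
    if (missing.length > 0) {
      // Authenticated but not allowed. Keep the response generic so the client
      // does not learn which permissions it lacks.
      res.status(403).json({ error: 'forbidden' });
      return;
    }
    next();
  };
}

// Minimal stand-in for an Express response so the middleware can be exercised
// without starting a server.
function fakeResponse() {
  const res = { statusCode: 200, body: undefined };
  res.status = (code) => { res.statusCode = code; return res; };
  res.json = (obj) => { res.body = obj; return res; };
  return res;
}

// Run a middleware against a constructed request and report the outcome.
function runMiddleware(mw, req) {
  const res = fakeResponse();
  let passed = false;
  mw(req, res, () => { passed = true; });
  return { passed, status: passed ? 200 : res.statusCode };
}

// Usage: runMiddleware(requirePermissions('users:write'), { user: { role: 'editor' } })
// yields { passed: false, status: 403 }.
```

The split between 401 and 403 matters in practice: a missing identity should prompt a login, while an authenticated user without the right role should be refused without revealing what the route expects.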
On the front end, I found it challenging to manage user sessions and cookies effectively. I had to ensure that protected routes were only accessible to logged-in users and that their permissions were correctly enforced in the UI.
I struggled with configuring the server environment and ensuring that all dependencies were correctly installed. Additionally, I had to troubleshoot issues related to network configurations and domain settings, as well as serving my React assets from the server.
I implemented input sanitization and output encoding to prevent XSS attacks. This involved using libraries like DOMPurify to clean user inputs and ensuring that any dynamic content rendered on the page was properly escaped.
I used anti-CSRF tokens to protect against CSRF attacks. This involved generating a unique token for each user session and including it in all state-changing requests. The server then validated this token before processing the request.
I added rate limiting to my application code using the express-rate-limit package. This allowed me to set limits on the number of requests a user could make in a given time period, helping to mitigate brute-force attacks.
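To show what express-rate-limit is doing under the hood, here is an added example (not the package's code and not the author's) of a fixed-window limiter with the same `windowMs` and `max` options. The window bookkeeping is in memory, the `RateLimit-*` response headers are constructed for the example, and the clock is injectable so the window rollover can be checked without waiting.

```javascript
// In-memory fixed-window rate limiter in the style of express-rate-limit's
// { windowMs, max } options. The now() parameter is an injectable clock so the
// window reset can be exercised deterministically.
function createRateLimiter({ windowMs, max, now = () => Date.now() }) {
  const hits = new Map(); // key -> { count, resetAt }

  // Record one hit for a key and report whether it is still within the limit.
  function check(key) {
    const t = now();
    let entry = hits.get(key);
    if (!entry || t >= entry.resetAt) {
      // First hit, or the previous window has expired: start a new window.
      entry = { count: 0, resetAt: t + windowMs };
      hits.set(key, entry);
    }
    entry.count += 1;
    const remaining = Math.max(0, max - entry.count);
    return { allowed: entry.count <= max, remaining, resetAt: entry.resetAt };
  }

  // Express-style middleware keyed by client IP. Over-limit requests get 429 and
  // a Retry-After hint; the RateLimit-* headers are constructed for the example.
  function middleware(req, res, next) {
    const result = check(req.ip);
    res.setHeader('RateLimit-Limit', String(max));
    res.setHeader('RateLimit-Remaining', String(result.remaining));
    if (!result.allowed) {
      res.setHeader('Retry-After', String(Math.ceil((result.resetAt - now()) / 1000)));
      res.statusCode = 429;
      res.end('Too many requests');
      return;
    }
    next();
  }

  return { check, middleware };
}

// Run the middleware against a constructed request with a minimal fake response;
// returns the status the client would see.
function runLimiter(limiter, req) {
  const headers = {};
  const res = { statusCode: 200, setHeader(k, v) { headers[k] = v; }, end() {} };
  let passed = false;
  limiter.middleware(req, res, () => { passed = true; });
  return { status: passed ? 200 : res.statusCode, headers };
}
```

Keying on `req.ip` is the usual default; behind a reverse proxy the application must trust the proxy's forwarded address or every client will share one bucket. For a login endpoint a stricter limiter keyed on the account name is a common addition.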
I set several HTTP headers to enhance security, including Content-Security-Policy (CSP) to prevent XSS, X-Content-Type-Options to prevent MIME type sniffing, and X-Frame-Options to prevent clickjacking.
I conducted regular security audits and code reviews to identify and fix potential vulnerabilities. Additionally, I kept all dependencies up to date to protect against known security issues.