Hi,
Hope you are good.
Django ships with top-of-the-line CSRF protection, first of all. Secondly,
you may specify domain-specific headers and strictly restrict the expected
type of data, cookie timeouts, and the response data type from the server to the
client. Also, you may leverage several robust Django-compatible packages
which relate to security and prevent any requests to the API which are
unauthorized. On "unauthorized", I feel obliged to mention that you must
make sure that all the endpoints in your API are well defined and that all
the methods being executed on those corresponding endpoints need strong
authentication.
Hope I could be of some help,
Kind regards,
Aditya

On Wed, Aug 21, 2019, 9:11 AM Yoo <[email protected]> wrote:

> Hi, I'm gonna be using Django Rest Framework for API with a Postgres stack
> and not developing with website. Coding apps in Swift and Androidx Java.
> Users can POST rich text, or text that uses HTML, to the server, and then
> other users can GET that HTML and view it in (ui)TextView.
>
> Based on previous experience, it seemed like Android's TextView wouldn't
> have any trouble with XSS or the like. Not sure about Swift, so can someone
> tell me if I should worry on the iOS side?
>
> Last thing. Because this is just an API, how does DRF protect my server
> against some malicious JSON POST request? A request that isn't sent from
> the designated app or is hand-crafted. If DRF doesn't somehow serialize
> correctly, then there would be some server issues, right? Gah worrying.
>
> TL;DR. Programming mobile with DRF. Should I worry about Rich Text (HTML
> Editing) on client and/or server side?
>
> --
> You received this message because you are subscribed to the Google Groups
> "Django users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to [email protected].
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/django-users/6c6b92e2-7e49-42f8-abe5-d05b1d0f4619%40googlegroups.com
> <https://groups.google.com/d/msgid/django-users/6c6b92e2-7e49-42f8-abe5-d05b1d0f4619%40googlegroups.com?utm_medium=email&utm_source=footer>
> .
>
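The two server-side checks discussed in this thread (strictly restricting the shape of the JSON a client may POST, and not storing user-supplied HTML verbatim) can be made concrete. The following is an added example, not code from either poster or from Django REST Framework itself: it uses only the Python standard library so it runs stand-alone, and the `ALLOWED_TAGS`, `ALLOWED_ATTRS`, `MAX_BODY_CHARS` policy and the `{"body": ...}` payload shape are assumptions for illustration. In a real DRF project the same logic would sit in a serializer's `validate_<field>()` hook, and the view would carry a permission class such as `IsAuthenticated`, so that a hand-crafted request is rejected before any of this runs.

```python
"""Allow-list HTML sanitizer plus strict JSON body validation for a
rich-text "post" endpoint.  Added example (stdlib only); the tag/attribute
policy and the payload shape below are assumptions, not a project standard."""
import json
from html import escape
from html.parser import HTMLParser

# Assumed policy: the handful of formatting tags a mobile text view needs.
ALLOWED_TAGS = {"b", "i", "u", "em", "strong", "p", "br", "ul", "ol", "li", "a"}
ALLOWED_ATTRS = {"a": {"href"}}          # everything else (on*, style, ...) is dropped
SAFE_URL_SCHEMES = ("http://", "https://", "mailto:")
VOID_TAGS = {"br"}                       # tags that take no closing tag
MAX_BODY_CHARS = 20_000                  # assumed size limit for one post


class _Sanitizer(HTMLParser):
    """Re-emits only allow-listed tags/attributes; all text is HTML-escaped."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out = []
        self.open_tags = []

    def handle_starttag(self, tag, attrs):
        if tag not in ALLOWED_TAGS:
            return  # unknown tag is dropped; its text still arrives via handle_data
        kept = []
        for name, value in attrs:
            if name not in ALLOWED_ATTRS.get(tag, set()) or value is None:
                continue
            # Block javascript:/data: URLs; only plain web/mail schemes survive.
            if name == "href" and not value.strip().lower().startswith(SAFE_URL_SCHEMES):
                continue
            kept.append(f' {name}="{escape(value, quote=True)}"')
        self.out.append(f"<{tag}{''.join(kept)}>")
        if tag not in VOID_TAGS:
            self.open_tags.append(tag)

    def handle_endtag(self, tag):
        if tag not in self.open_tags:
            return  # closing a dropped or never-opened tag: ignore
        while self.open_tags:  # close any tags left open inside it, in order
            t = self.open_tags.pop()
            self.out.append(f"</{t}>")
            if t == tag:
                break

    def handle_data(self, data):
        # Text is escaped, so decoded entities such as &lt;script&gt; stay text.
        self.out.append(escape(data))

    def close(self):
        super().close()
        while self.open_tags:  # balance anything the client left unclosed
            self.out.append(f"</{self.open_tags.pop()}>")

    def result(self):
        return "".join(self.out)


def sanitize_html(fragment: str) -> str:
    """Return a copy of `fragment` containing only allow-listed markup."""
    parser = _Sanitizer()
    parser.feed(fragment)
    parser.close()
    return parser.result()


def validate_post_body(raw_json: str) -> dict:
    """Accept exactly {"body": <str>} within limits; raise ValueError otherwise.

    This is the shape check a serializer would perform: a hand-crafted request
    with extra fields, wrong types or oversized content never reaches the model.
    """
    try:
        data = json.loads(raw_json)
    except ValueError:
        raise ValueError("request body is not valid JSON")
    if not isinstance(data, dict):
        raise ValueError("top-level JSON value must be an object")
    unexpected = sorted(set(data) - {"body"})
    if unexpected:
        raise ValueError(f"unexpected fields: {unexpected}")
    body = data.get("body")
    if not isinstance(body, str):
        raise ValueError("body must be a string")
    if len(body) > MAX_BODY_CHARS:
        raise ValueError("body exceeds size limit")
    return {"body": sanitize_html(body)}


if __name__ == "__main__":
    # Constructed sample payloads, as a client might send them.
    print(validate_post_body('{"body": "<p>hi <script>alert(1)</script></p>"}'))
    print(sanitize_html('<a href="javascript:alert(1)" onclick="x()">link</a>'))
```

Because the stored HTML is already reduced to this allow-list when it is written, every client that later GETs it (TextView, UITextView or a browser) receives the same sanitized content, which removes the need to reason about each platform's renderer separately.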
