Hi,
Thanks for the prompt response (and sorry for such a late one). I suppose 
I'm simply asking about JSON in general and DRF validation. Using the 
general serializer (serializer.Serializers), DRF validates the JSON itself, 
right? So, if some malicious person sent Python code via the JSON using 
some kind of escape char, then DRF responds with an error, right?

Otherwise, is there some Django util that can deal with this? Because the 
API is just an endpoint. All someone has to do (at least in this project) 
is send a JWT Access token alongside some throttling. Can you point out 
some Headers that I can use? Is it possible to use some kind of app (i.e. 
android + iOS) signature?

Thank you! 

On Tuesday, August 20, 2019 at 11:46:24 PM UTC-4, Aditya Singh wrote:
>
> Hi,
> Hope you are good.
> Django ships with top-of-the-line CSRF protection, first of all. Secondly, 
> you may specify domain-specific headers and strictly restrict the expected 
> type of data, cookie timeouts, and the response data type from the server to 
> the client. Also, you may leverage several robust Django-compatible packages 
> which relate to security and prevent any requests to the API which are 
> unauthorized. Regarding unauthorized requests, I feel obliged to mention that 
> you must make sure that all the endpoints in your API are well defined and 
> that all the methods being executed on those corresponding endpoints need 
> strong authentication.
> Hope I could be of some help,
> Kind regards,
> Aditya
>
> On Wed, Aug 21, 2019, 9:11 AM Yoo <[email protected]> wrote:
>
>> Hi, I'm gonna be using Django Rest Framework for an API with a Postgres 
>> stack and not developing a website. Coding apps in Swift and AndroidX 
>> Java. Users can POST rich text, or text that uses HTML, to the server, and 
>> then other users can GET that HTML and view it in (UI)TextView.
>>
>> Based on previous experience, it seemed like Android's TextView wouldn't 
>> have any trouble with XSS or the like. Not sure about Swift, so can someone 
>> tell me if I should worry on the iOS side? 
>>
>> Last thing. Because this is just an API, how does DRF protect my server 
>> against some malicious JSON POST request? A request that isn't sent from 
>> the designated app or is hand-crafted. If DRF doesn't somehow serialize 
>> correctly, then there would be some server issues, right? Gah worrying.
>>
>> TL;DR. Programming mobile with DRF. Should I worry about Rich Text (HTML 
>> Editing) on client and/or server side?
>>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to [email protected].
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-users/a6ea2741-061c-4392-af73-6e9ff4dc5a16%40googlegroups.com.