Nuxt SSR + Supabase security
Hello everyone, I am building a project with Nuxt SSR + Supabase and I was wondering if I had to worry about CSRF and XSS. I was under the impression that the frontend and backend were secured enough together as they are managed in the same app (🤝).
Supabase facilitates the login and its RLS is quite convenient.
I believe the Nuxt-Security module would be useful (e.g. rate limiters), but is this a module any project absolutely needs?
Also, if I set up a server API between the client and Supabase, how should I manage the security and permissions within the API?
Thanks in advance!
2 Replies
At least on the frontend/Vue you should be pretty safe from XSS as long as you don't use the v-html attribute or inject user-defined HTML/JS via any other methods.
https://vuejs.org/guide/best-practices/security.html
Not an expert, but I think security should be handled on the Supabase side with RLS and the built-in user management.
You should also be able to set permissions via triggers in Supabase.
Most of my tables have a user_id column, which I use to give full permissions for this row to the owner, plus some rules that give read permission to other users, like attendees of an event from the owner.
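The owner/attendee pattern from the reply above, written out as Supabase RLS policies. This is an added example, not code from either poster; the table and column names (events, event_attendees, title) are assumptions, while auth.uid() is Supabase's built-in helper for the caller's user id.

```sql
-- Added example (not from the thread): Supabase RLS policies for the
-- "owner has full access, attendees can read" pattern described above.
-- Table and column names (events, event_attendees) are assumptions.

create table public.events (
  id       bigint generated always as identity primary key,
  user_id  uuid not null default auth.uid() references auth.users (id),
  title    text not null
);

create table public.event_attendees (
  event_id  bigint not null references public.events (id) on delete cascade,
  user_id   uuid not null references auth.users (id),
  primary key (event_id, user_id)
);

-- Without this the policies below are ignored and the anon/authenticated
-- roles can read every row through the auto-generated REST API.
alter table public.events enable row level security;
alter table public.event_attendees enable row level security;

-- Owner: full permissions (select/insert/update/delete) on their own rows.
create policy "events: owner full access"
  on public.events for all to authenticated
  using (auth.uid() = user_id) with check (auth.uid() = user_id);

-- Attendees: read-only access to events they are listed on.
create policy "events: attendees can read"
  on public.events for select to authenticated
  using (exists (select 1 from public.event_attendees a
                 where a.event_id = events.id and a.user_id = auth.uid()));

-- The subquery above also runs under RLS, so attendees need a select
-- policy on event_attendees or the exists() check finds no rows.
create policy "attendees: read own"
  on public.event_attendees for select to authenticated
  using (user_id = auth.uid());

create policy "attendees: owner manages"
  on public.event_attendees for all to authenticated
  using (exists (select 1 from public.events e where e.id = event_id and e.user_id = auth.uid()))
  with check (exists (select 1 from public.events e where e.id = event_id and e.user_id = auth.uid()));
```

If a Nuxt server route queries Supabase with the service_role key, these policies are bypassed entirely, so such a route has to pass the user's JWT through (or do its own ownership checks) to keep the same guarantees.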