Nuxt•7mo ago
LazyDali

Nuxt SSR + Supabase security

Hello everyone, I am building a project with Nuxt SSR + Supabase and I was wondering if I had to worry about CSRF and XSS. I was under the impression that the frontend and backend were secured enough together as they are managed in the same app (🤝). Supabase facilitates the login and its RLS is quite convenient. I believe the Nuxt-Security module would be useful (e.g. rate limiters), but is this a module any project absolutely needs? Also, if I set up a server API between the client and Supabase, how should I manage the security and permissions within the API? Thanks in advance!
2 Replies
nougatbyte•7mo ago
At least on the frontend/Vue you should be pretty safe from XSS as long as you don't use the v-html attribute or inject user-defined HTML/JS via any other methods: https://vuejs.org/guide/best-practices/security.html
nougatbyte•7mo ago
Not an expert, but I think security should be handled on the Supabase side with RLS and the built-in user management. You should also be able to set permissions via triggers in Supabase. Most of my tables have a user_id column, which I use to give full permissions for this row to the owner, and some rules that give read permission to other users, like attendees of an event from the owner.
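
The ownership pattern described in the reply above (a user_id column, full access for the owner, read access for an event's attendees), written out as Postgres row level security policies. This is an added example, not code from the thread; the table, column, policy and function names are assumptions, and `auth.uid()` is the Supabase helper that returns the authenticated user's ID.

```sql
-- Assumed schema: events owned by a user, plus a join table of attendees.
create table public.events (
  id      uuid primary key default gen_random_uuid(),
  user_id uuid not null references auth.users (id),   -- the owner
  title   text not null
);
create table public.event_attendees (
  event_id uuid not null references public.events (id) on delete cascade,
  user_id  uuid not null references auth.users (id),
  primary key (event_id, user_id)
);

-- With RLS enabled and no matching policy, every row is denied by default.
alter table public.events          enable row level security;
alter table public.event_attendees enable row level security;

-- Owner: full permissions on their own rows. WITH CHECK stops a client
-- from inserting or updating a row so that it belongs to someone else.
create policy events_owner_all on public.events
  for all to authenticated
  using (user_id = auth.uid())
  with check (user_id = auth.uid());

-- Attendees: read-only access to events they are listed on.
create policy events_attendee_read on public.events
  for select to authenticated
  using (exists (
    select 1 from public.event_attendees a
    where a.event_id = events.id and a.user_id = auth.uid()));

-- Ownership check as a SECURITY DEFINER function. A policy on
-- event_attendees that queried events directly would make the two tables'
-- policies reference each other, which Postgres rejects as infinite recursion.
create function public.is_event_owner(p_event_id uuid)
returns boolean
language sql stable security definer set search_path = ''
as $$
  select exists (
    select 1 from public.events e
    where e.id = p_event_id and e.user_id = auth.uid());
$$;

-- Attendees see only their own attendance row; the owner manages the list.
create policy attendees_read_own on public.event_attendees
  for select to authenticated
  using (user_id = auth.uid());
create policy attendees_owner_manage on public.event_attendees
  for all to authenticated
  using (public.is_event_owner(event_id))
  with check (public.is_event_owner(event_id));
```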