Week 6 - Authorization Continued and Server Hardening

Application Security And Hardening

Goals

- Make our blog app support both single-server form-submit mode and multi-server API-request mode
- Implement JWT Tokens to secure our app in API-request mode
- Apply best practices to make our server more secure

Topics

- Local Storage
- Using JWT Tokens for Authentication
- Content-Security-Policy
- Cookie Security
- Best Practice HTTP Header Settings

Applications

Week 06 - Insecure Blog App Part 5
A work-in-progress blogging application with basic user authentication and authorization. This week we've added authorization via cookies and tokens.

Week 06 - CSP Example
This simple app demonstrates using the Content-Security-Policy to control what source is allowed in an iframe.