Secure communication between client and server

[bobinush]

Right now the API URL is in the settings file.
Anyone can “hijack” it to make changes to the data.

How can we secure this? I’m not looking for SSL encryption 2FA “what’s your mother’s maiden name” Fort Knox kinda safety. Just make it a bit harder to mess with.

Since the client is hosted on GitHub pages as a static site we don’t have many options..

Create a cookie and have that sent with every API call? Only accept API calls from certain url origins (CORS?)?

[lyret]

Don't remember right now but can look it up, but domain restriction could possibly already be implemented?Ant real security improvements would have to happen on the serverside. I had great enjoyment using Pocketbase as a server-side solution. Would suit this project fine as well I think and would solve the security issue.26 feb. 2026 kl. 11:24 skrev Robin ***@***.***>:bobinush created an issue (theborderland/map#64) Right now the API URL is in the settings file. Anyone can “hijack” it to make changes to the data. How can we secure this? I’m not looking for SSL encryption 2FA “what’s your mother’s maiden name” Fort Knox kinda safety. Just make it a bit harder to mess with. Since the client is hosted on GitHub pages as a static site we don’t have many options.. Create a cookie and have that sent with every API call? Only accept API calls from certain url origins (CORS?)? —Reply to this email directly, view it on GitHub, or unsubscribe.You are receiving this because you are subscribed to this thread.Message ID: ***@***.***>