Commenting engine based on Nuxt+Express+Auth0, to be used on static sites

Which is made to be added to a multi-page static site, like GitHub Pages or Netlify. The project is here

Still, I am concerned with security.

First security problem is that the project works by adding an <iframe> with a specific URL. X-Frame-Options doesn't allow multiple URLs, only one specific URL. I guarded everything but GET requests, so comments can still be shown.

Second security problem is that I store both the raw token and the decoded user profile on the Nuxt server, and send the token back to the client on nuxtServerInit. Not sure if this is secure.

I planned to recreate the project on separate platforms. Maybe an Express server + a true static site (Vue CLI), in entirely separate packages.

My plan is that a pop-up is OK, but redirects are not; so I simply used auth0-spa-js.

Seriously, there should be something like security or audit tags…

Thanks for showing your auth!
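As an added example following the post above (this is not the commenting engine's own code, and the embedder origins and the `req.session.user` shape are assumptions for the demo): the first problem raised, an embedded comment widget that must be frameable from more than one site, is the case X-Frame-Options was never designed for. CSP `frame-ancestors` takes a list of origins, and the "everything but GET" rule can sit in the same middleware so that anonymous reads still render in the iframe while writes need a session.

```javascript
// Added example, not code from the commenting-engine project described above.
// Two guards for a comment widget served inside an <iframe> on other sites:
//  1. an embedding allowlist expressed as CSP frame-ancestors, which (unlike
//     X-Frame-Options) can list several origins; and
//  2. a method gate that lets anonymous GET/HEAD through but requires an
//     authenticated session for anything that could change state.
// The origin list and the req.session shape are assumptions for the demo.

const ALLOWED_EMBEDDERS = [ // assumed: static sites allowed to embed the widget
  "https://alice.github.io",
  "https://blog.example.netlify.app",
];

// Build the response headers restricting who may frame this page.
// frame-ancestors only accepts origins (scheme://host[:port]), so reject an
// entry carrying a path, query, fragment or credentials instead of emitting
// a policy the browser would silently ignore.
function buildFrameHeaders(allowedOrigins) {
  const origins = allowedOrigins.map((entry) => {
    const u = new URL(entry);
    if (u.pathname !== "/" || u.search || u.hash || u.username) {
      throw new Error(`frame-ancestors needs a bare origin, got ${entry}`);
    }
    return u.origin;
  });
  const policy = `frame-ancestors 'self' ${origins.join(" ")}`.trim();
  const headers = { "Content-Security-Policy": policy };
  // X-Frame-Options has no multi-origin form (ALLOW-FROM is obsolete), so it
  // is only emitted when nobody but the site itself may frame the page.
  if (origins.length === 0) headers["X-Frame-Options"] = "SAMEORIGIN";
  return headers;
}

// Safe methods may be served to anyone so comments render in the iframe;
// everything else needs an authenticated session. Returns an HTTP status to
// answer with, or null when the request may proceed.
const SAFE_METHODS = new Set(["GET", "HEAD"]);

function gateRequest(method, hasSession) {
  if (SAFE_METHODS.has(String(method).toUpperCase())) return null;
  return hasSession ? null : 401;
}

// Express-style middleware factory tying the two guards together.
// req.session.user is an assumed shape; adapt it to whatever the auth layer sets.
function frameGuard(allowedOrigins = ALLOWED_EMBEDDERS) {
  const headers = buildFrameHeaders(allowedOrigins); // validated once at startup
  return function (req, res, next) {
    for (const [name, value] of Object.entries(headers)) res.setHeader(name, value);
    const status = gateRequest(req.method, Boolean(req.session && req.session.user));
    if (status !== null) {
      res.statusCode = status;
      res.end("authentication required");
      return;
    }
    next();
  };
}

// Stand-alone demo with stub req/res objects, so no real server is needed.
// Returns what a caller would observe: whether the handler ran, the status,
// and the CSP header that was set.
function demo(method, session) {
  const res = {
    headers: {},
    statusCode: 200,
    body: "",
    setHeader(name, value) { this.headers[name] = value; },
    end(body) { this.body = body; },
  };
  let reachedHandler = false;
  frameGuard()({ method, session }, res, () => { reachedHandler = true; });
  return { reachedHandler, status: res.statusCode, csp: res.headers["Content-Security-Policy"] };
}
```

The headers are computed once when the middleware is created, so a malformed allowlist entry fails at startup rather than on the first request, and the gate is deliberately independent of the `Origin` or `Referer` headers: those are hints for diagnostics, not something to authenticate by.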