Which is made to be added to a multi page static site, like GitHub Pages or Netlify. The project is here
Still, I am concerned with security.
First security problem is the project works by adding
<iframe> with a specific URL. X-Frame-Options doesn’t allow multiple, but specific URLs. I guarded everything but GET requests, so comments can still be shown.
Second security problem is that I store both raw token and decoded user profile on Nuxt server, and send the token back to the client on
nuxtServerInit. Not sure if this is secure.
I planned to recreate on project on separate platforms. Maybe Express server + True static site (Vue CLI), on entirely separated packages.
My plan is pop-up is OK, but redirects are not; so I used simply
Seriously, there should be something like