I have a web app. It consists of services deployed on Docker Engine. The main services/containers are:
Frontend: React on an Nginx web server
Backend (API): Django and DRF on gunicorn behind Nginx
For the frontend I use Auth0. It works as expected: if the user is not authenticated/authorized, they are redirected to the login page.
Now I also want to “secure” my backend so that it only accepts authenticated connections from the frontend.
For the backend (Django) I also have CORS enabled (django-cors-headers package), but I can still connect from my browser to my-site/api/ and get the response.
How should I secure my requests?
Great question! This is typically achieved by creating an access token to be validated by your backend. The following resources should be helpful in steering you in the right direction: