ng-insecure

This Angular application is authenticated, but calls an unsecured API, the endpoint to which is visible in the code bundle on initial page load.

Data in the unsecured API is falsified for demo purposes.

This repo demonstrates why you should never rely solely on front-end authentication to secure sensitive data.

Dependencies

Clone the repo:

$ git clone https://github.com/kmaida/ng-insecure.git

Install dependencies:

$ cd ng-insecure
$ npm install
# or yarn install

To start the local development server:

$ ng serve

The app will then run at http://localhost:4200.

To build the app and start the webserver which runs the code from the /dist folder:

$ ng build --env=staging
$ node server

The app will then run at http://localhost:1339.

NOTE: You must comment out the app.use(reqSec); line in the server.js file in order to run the app without HTTPS.

Name		Name	Last commit message	Last commit date
Latest commit History 20 Commits
dist		dist
e2e		e2e
src		src
.editorconfig		.editorconfig
.gitignore		.gitignore
LICENSE		LICENSE
README.md		README.md
angular.json		angular.json
karma.conf.js		karma.conf.js
package-lock.json		package-lock.json
package.json		package.json
protractor.conf.js		protractor.conf.js
server.js		server.js
tsconfig.json		tsconfig.json
tslint.json		tslint.json