This Angular application is authenticated, but it calls an unsecured API whose endpoint is visible in the code bundle on initial page load.
Data in the unsecured API is falsified for demo purposes.
This repo demonstrates why you should never rely solely on front-end authentication to secure sensitive data.
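The difference between an API that relies on the front end for protection and one that checks every request on the server, as an added example that is not code from this repo. The handler names, the token format (an HMAC-signed payload) and the secret are assumptions made for illustration, and the requests are constructed objects rather than real HTTP traffic:

```javascript
const crypto = require('node:crypto');

const SECRET = 'constructed-demo-secret';  // assumption: known only to the server
const REPORT = [{ id: 1, note: 'falsified demo record' }];  // constructed data

const sign = (payload) =>
  crypto.createHmac('sha256', SECRET).update(payload).digest('base64url');

// Hypothetical helper: the server issues this after a successful login.
function issueToken(user, ttlSeconds, now = Date.now()) {
  const claims = { sub: user, exp: Math.floor(now / 1000) + ttlSeconds };
  const payload = Buffer.from(JSON.stringify(claims)).toString('base64url');
  return `${payload}.${sign(payload)}`;
}

// Returns the claims when the signature is valid and unexpired, else null.
function verifyToken(token, now = Date.now()) {
  const [payload, sig] = String(token).split('.');
  if (!payload || !sig) return null;
  const expected = Buffer.from(sign(payload));
  const given = Buffer.from(sig);
  if (given.length !== expected.length) return null;
  if (!crypto.timingSafeEqual(given, expected)) return null;
  try {
    const claims = JSON.parse(Buffer.from(payload, 'base64url').toString());
    return claims.exp > now / 1000 ? claims : null;
  } catch {
    return null;
  }
}

// Insecure: assumes only the logged-in front end will ever call the URL.
// Anyone who reads the endpoint out of the bundle gets the data.
function insecureHandler(req) {
  return { status: 200, body: REPORT };
}

// Hardened: the server verifies a bearer token on every request,
// regardless of what the front end shows or hides.
function securedHandler(req, now = Date.now()) {
  const header = (req.headers && req.headers.authorization) || '';
  const match = /^Bearer (.+)$/.exec(header);
  const claims = match ? verifyToken(match[1], now) : null;
  return claims
    ? { status: 200, body: REPORT }
    : { status: 401, body: { error: 'unauthorized' } };
}
```

A request with no credentials gets the data from `insecureHandler` and a 401 from `securedHandler`, which is the check the front-end login screen alone cannot provide.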
- Node.js
- A package manager: npm (which comes with Node) or Yarn is suggested
- Angular CLI
Clone the repo:
$ git clone https://github.com/kmaida/ng-insecure.git
Install dependencies:
$ cd ng-insecure
$ npm install
# or yarn install
To start the local development server:
$ ng serve
The app will then run at http://localhost:4200.
To build the app and start the web server that runs the code from the /dist folder:
$ ng build --env=staging
$ node server
The app will then run at http://localhost:1339.
NOTE: You must comment out the app.use(reqSec); line in the server.js file in order to run the app without HTTPS.
This demo app is live at https://nginsecure.kmaida.net.
MIT © Kim Maida 2018