I missed securing one endpoint — in dev — on my .NET Web API a few years back. It was a good lesson, and it led me to adopt a ‘secure by default’ mindset. 🔐
It’s easy to overlook endpoint security. One common practice is using inheritance: creating an abstract base controller class that carries a default security policy. Sounds robust, right? But imagine a new team member creating a controller and forgetting to inherit from that base class. The result? Potentially unsecured endpoints.
This is just one scenario among many. To avoid such pitfalls, you can start by securing ALL your endpoints. How? By invoking the RequireAuthorization() method on app.MapControllers() during startup. This ensures that every controller endpoint demands, at minimum, an authenticated user. 🔐
RequireAuthorization() can be set up in different ways via a Policy. For instance, it can be configured to require a specific role or claim, raising the default security level.
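Here is what that startup wiring looks like in practice. This is an added example, not code from the original post; it assumes .NET 8 minimal hosting, JWT bearer authentication configured from a hypothetical "Jwt" configuration section, a policy named "ApiUser" that requires both a role and a scope claim, and a public /health endpoint that opts out explicitly. It also sets a FallbackPolicy, which the post does not mention, so that any endpoint registered without authorization metadata (for example a minimal API route added later) still requires an authenticated user.

```csharp
using Microsoft.AspNetCore.Authentication.JwtBearer;
using Microsoft.AspNetCore.Authorization;

var builder = WebApplication.CreateBuilder(args);

builder.Services.AddControllers();

// Authentication: JWT bearer. "Jwt:Authority" and "Jwt:Audience" are assumed
// configuration keys for this example, not values from the original post.
builder.Services
    .AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
    .AddJwtBearer(options =>
    {
        options.Authority = builder.Configuration["Jwt:Authority"];
        options.Audience = builder.Configuration["Jwt:Audience"];
    });

builder.Services.AddAuthorization(options =>
{
    // Safety net: endpoints with NO authorization metadata at all still
    // demand an authenticated user (covers routes added outside MapControllers).
    options.FallbackPolicy = new AuthorizationPolicyBuilder()
        .RequireAuthenticatedUser()
        .Build();

    // Default policy for every controller endpoint: authenticated, in the
    // "ApiUser" role, and carrying an "api.read" scope claim (example values).
    options.AddPolicy("ApiUser", policy => policy
        .RequireAuthenticatedUser()
        .RequireRole("ApiUser")
        .RequireClaim("scope", "api.read"));
});

var app = builder.Build();

// Order matters: authentication must run before authorization.
app.UseAuthentication();
app.UseAuthorization();

// Secure by default: every controller endpoint gets the "ApiUser" policy.
// A controller or action must use [AllowAnonymous] to opt out, which makes
// each public endpoint an explicit, reviewable decision.
app.MapControllers().RequireAuthorization("ApiUser");

// Example of a deliberate opt-out: a liveness probe with no sensitive data.
app.MapGet("/health", () => Results.Ok("healthy")).AllowAnonymous();

app.Run();

// Exposes Program to WebApplicationFactory<Program> in integration tests.
public partial class Program { }
```

With this in place, a new controller that forgets the base class, or forgets [Authorize], is still protected: the convention is applied at the endpoint level, not through inheritance. Anything that should be public has to say so with [AllowAnonymous], which is easy to spot in code review.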
PS: Integration or narrow tests can ensure all endpoints are properly secured.
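One way to write such a test, as an added example rather than code from the original post: an xUnit test using WebApplicationFactory that (1) walks the application's EndpointDataSource and fails if any endpoint carries neither authorization metadata nor an explicit [AllowAnonymous], and (2) sends an unauthenticated request to an assumed route and expects 401. It assumes the Program class is exposed with a public partial declaration, the Microsoft.AspNetCore.Mvc.Testing package is referenced, and a hypothetical /api/orders route exists.

```csharp
using System.Net;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc.Testing;
using Microsoft.AspNetCore.Routing;
using Microsoft.Extensions.DependencyInjection;
using Xunit;

public class EndpointSecurityTests : IClassFixture<WebApplicationFactory<Program>>
{
    private readonly WebApplicationFactory<Program> _factory;

    public EndpointSecurityTests(WebApplicationFactory<Program> factory)
        => _factory = factory;

    // Narrow test: inspect routing metadata directly, no HTTP involved.
    // Every endpoint must either require authorization or opt out explicitly.
    [Fact]
    public void Every_endpoint_is_authorized_or_explicitly_anonymous()
    {
        var dataSource = _factory.Services.GetRequiredService<EndpointDataSource>();

        var unprotected = dataSource.Endpoints
            .OfType<RouteEndpoint>()
            .Where(e => e.Metadata.GetMetadata<IAuthorizeData>() is null
                     && e.Metadata.GetMetadata<IAllowAnonymous>() is null)
            .Select(e => e.DisplayName)
            .ToList();

        // Listing the offenders makes the failure message actionable.
        Assert.True(unprotected.Count == 0,
            "Endpoints without authorization metadata: " + string.Join(", ", unprotected));
    }

    // Integration test: an anonymous caller must be rejected at the door.
    // "/api/orders" is an assumed route for this example.
    [Theory]
    [InlineData("/api/orders")]
    public async Task Unauthenticated_request_is_rejected(string path)
    {
        var client = _factory.CreateClient();

        var response = await client.GetAsync(path);

        Assert.Equal(HttpStatusCode.Unauthorized, response.StatusCode);
    }
}
```

The metadata test is the more valuable of the two: it catches a new, unprotected controller the moment it is registered, without anyone having to remember to add a per-route HTTP test for it. The HTTP test complements it by proving the middleware pipeline actually enforces the policy at runtime.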
How do you ensure your controllers and endpoints remain locked tight? 🤔