I am working on an open source project. It will eventually have a JSON API that will interact with an android mobile app. Should i have say the login code for the web site, and the JSON API for the mobile client on separate routes?Example:module.exports = function(app) { app.get('/', function(request, response) { ... }); app.post('/', function(request, response) { ... }); } andmodule.exports = function(app) { app.get('api/', function(request, response) { ... }); app.post('api/', function(request, response) { ... }); } I heard there were security issues with using body parser like so:app.use(bodyParser.urlencoded({ extended: false })) // parse application/json app.use(bodyParser.json()) and instead you should use this:// create application/json parser var jsonParser = bodyParser.json() // create application/x-www-form-urlencoded parser var urlencodedParser = bodyParser.urlencoded({ extended: false }) // POST /login gets urlencoded bodies app.post('/login', urlencodedParser, function (req, res) { ... }) Any advice would be appreciated.
Submitted October 29, 2018 at 12:02AM by Ookma-Kyi
No comments:
Post a Comment