Security

1. CSRF

Cross-Site Request Forgery (CSRF)

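HTTPS does nothing to defend against CSRF: TLS encrypts and authenticates the connection, but it does not tell the server which site initiated a request.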

2. Authorization vs. authentication

authorization: what you can do

authentication: who you are

3. OAuth2

OAuth (Open Authorization) is an open standard for token-based authentication and authorization on the Internet.

OAuth 2 provides users with the ability to grant third-party access to web resources without sharing a password.

4. CORS
