by GauntletWizard 1667 days ago
I'm of the (weak) opinion that if you have www.coolapp and api.coolapp, you should have port 80 closed on api - don't even serve redirects. Any legitimate traffic would be broken anyway, and it prevents you from even accidentally doing something stupid like serving a cookie without secure, or receiving (unencrypted) a token from a misconfigured client.
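The redirect case from the comment above, as an added example that is not part of the original comment: a loopback listener that answers every plain-HTTP request with a 301 still receives the misconfigured client's token in cleartext before it can redirect, while a closed port receives nothing. The token, the `/v1/me` path and the `api.coolapp.invalid` hostname are constructed for the demonstration.

```python
import http.server, socket, threading, urllib.error, urllib.request

TOKEN = "Bearer constructed-sample-token"  # constructed sample value

class RedirectOnly(http.server.BaseHTTPRequestHandler):
    """Plain-HTTP listener that only ever answers with a redirect to HTTPS."""
    seen = []  # Authorization headers that arrived unencrypted

    def do_GET(self):
        # The request headers are already on the wire before we can redirect.
        RedirectOnly.seen.append(self.headers.get("Authorization"))
        self.send_response(301)
        self.send_header("Location", "https://api.coolapp.invalid" + self.path)
        self.send_header("Content-Length", "0")
        self.end_headers()

    def log_message(self, *args):  # keep the demo quiet
        pass

class NoFollow(urllib.request.HTTPRedirectHandler):
    def redirect_request(self, *args, **kwargs):
        return None  # stop at the first response so the demo stays offline

def misconfigured_client(port):
    """Client wrongly pointed at http:// sends its token; returns the outcome."""
    req = urllib.request.Request(f"http://127.0.0.1:{port}/v1/me",
                                 headers={"Authorization": TOKEN})
    opener = urllib.request.build_opener(urllib.request.ProxyHandler({}), NoFollow)
    try:
        opener.open(req, timeout=2)
    except urllib.error.HTTPError as e:   # the 301 we refused to follow
        return f"HTTP {e.code}"
    except urllib.error.URLError:         # nothing listening on the port
        return "connection failed"
    return "ok"

def run_demo():
    # Case 1: port open, serving redirects only.
    RedirectOnly.seen.clear()
    srv = http.server.HTTPServer(("127.0.0.1", 0), RedirectOnly)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    redirect_result = misconfigured_client(srv.server_address[1])
    srv.shutdown(); srv.server_close()
    leaked = list(RedirectOnly.seen)
    # Case 2: port closed (bind to get a free port number, then release it).
    RedirectOnly.seen.clear()
    s = socket.socket(); s.bind(("127.0.0.1", 0)); port = s.getsockname()[1]; s.close()
    closed_result = misconfigured_client(port)
    return redirect_result, leaked, closed_result, list(RedirectOnly.seen)

if __name__ == "__main__":
    print(run_demo())
```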