Phastboy / buddy

Buddy is a comprehensive web application designed to enhance learning experiences.

Secure JWT in Development and Production Environments #28

Open Phastboy opened 2 weeks ago

Phastboy commented 2 weeks ago

Ensure that JWT is correctly handled in different environments with special attention to security in production.

Tasks:

Step 1: Environment Variable Setup for Security

  1. Define variables like JWT_SECRET, COOKIE_SECURE, and COOKIE_MAX_AGE in .env for different environments (development, production).

Step 2: Configure JWT and Cookies for Development and Production

  1. For production, set COOKIE_SECURE = true, ensuring cookies are only sent over HTTPS.
  2. For development, allow cookies to be sent over HTTP if needed (but always with the httpOnly flag).

Step 3: Implement Secure Cookie Policies

  1. Set up proper SameSite cookie policies to avoid issues with cross-site requests.

Step 4: Test Cookie Behavior in Both Environments

  1. Ensure that cookies are set with the correct flags (Secure, HttpOnly, SameSite).
  2. Test JWT storage and access in both environments.
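
The four steps above describe one procedure: read the cookie settings from the environment, make them strict in production, and verify the flags that actually reach the browser. The following is an added example, not code from the buddy project, showing that procedure end to end in Node. `JWT_SECRET`, `COOKIE_SECURE` and `COOKIE_MAX_AGE` are the variable names from this issue; `NODE_ENV` and `COOKIE_SAME_SITE` are names assumed for the example, and the sample environments are constructed (no real secrets).

```javascript
// Added example (not the buddy project's own code): derive the JWT cookie's
// options from environment variables and check the resulting Set-Cookie header.
// JWT_SECRET, COOKIE_SECURE and COOKIE_MAX_AGE are the names used in the issue;
// NODE_ENV and COOKIE_SAME_SITE are assumed names for this example.

const MIN_SECRET_BYTES = 32; // 256-bit HMAC key, the minimum RFC 7518 recommends for HS256

function parseBool(value, fallback) {
  if (value === undefined) return fallback;
  return String(value).trim().toLowerCase() === 'true';
}

// Steps 1-3: build the cookie options. In production, a configuration that
// would weaken the cookie throws, so a bad deploy fails at startup instead of
// silently sending the JWT over plain HTTP.
function cookieOptionsFromEnv(env) {
  const isProduction = env.NODE_ENV === 'production';
  const secret = env.JWT_SECRET || '';
  if (Buffer.byteLength(secret) < MIN_SECRET_BYTES) {
    throw new Error(`JWT_SECRET must be at least ${MIN_SECRET_BYTES} bytes`);
  }
  // Development may use HTTP (secure=false) but the cookie is always HttpOnly.
  const secure = parseBool(env.COOKIE_SECURE, isProduction);
  if (isProduction && !secure) {
    throw new Error('COOKIE_SECURE must be true in production');
  }
  const maxAgeMs = Number(env.COOKIE_MAX_AGE ?? 3600 * 1000); // default: 1 hour
  if (!Number.isInteger(maxAgeMs) || maxAgeMs <= 0) {
    throw new Error('COOKIE_MAX_AGE must be a positive integer (milliseconds)');
  }
  const sameSite = (env.COOKIE_SAME_SITE || 'lax').toLowerCase();
  if (!['strict', 'lax', 'none'].includes(sameSite)) {
    throw new Error('COOKIE_SAME_SITE must be strict, lax or none');
  }
  // Browsers drop SameSite=None cookies that lack Secure, so reject that pair.
  if (sameSite === 'none' && !secure) {
    throw new Error('SameSite=None requires COOKIE_SECURE=true');
  }
  return { httpOnly: true, secure, sameSite, maxAge: maxAgeMs, path: '/' };
}

// Serialize the options the way Express's res.cookie() would, so the header
// can be inspected in a test without starting a server.
function serializeCookie(name, value, opts) {
  const parts = [`${name}=${encodeURIComponent(value)}`, `Path=${opts.path}`];
  parts.push(`Max-Age=${Math.floor(opts.maxAge / 1000)}`);
  if (opts.httpOnly) parts.push('HttpOnly');
  if (opts.secure) parts.push('Secure');
  const sameSite = opts.sameSite.charAt(0).toUpperCase() + opts.sameSite.slice(1);
  parts.push(`SameSite=${sameSite}`);
  return parts.join('; ');
}

// Step 4: list the security flags missing from a Set-Cookie header. Secure is
// only required where the environment is expected to be HTTPS-only.
function missingCookieFlags(header, { requireSecure }) {
  const attrs = header.split(';').slice(1).map((a) => a.trim().toLowerCase());
  const missing = [];
  if (!attrs.includes('httponly')) missing.push('HttpOnly');
  if (requireSecure && !attrs.includes('secure')) missing.push('Secure');
  if (!attrs.some((a) => a.startsWith('samesite='))) missing.push('SameSite');
  return missing;
}

// Constructed sample environments for the two cases in the issue (not real secrets).
const PROD_ENV = {
  NODE_ENV: 'production',
  JWT_SECRET: 'x'.repeat(48),
  COOKIE_SECURE: 'true',
  COOKIE_MAX_AGE: '900000',
  COOKIE_SAME_SITE: 'strict',
};
const DEV_ENV = {
  NODE_ENV: 'development',
  JWT_SECRET: 'dev-only-secret-value-that-is-long-enough!',
  COOKIE_SECURE: 'false',
};

for (const [label, env] of [['production', PROD_ENV], ['development', DEV_ENV]]) {
  const opts = cookieOptionsFromEnv(env);
  const header = serializeCookie('token', 'eyJ.example.jwt', opts);
  const requireSecure = env.NODE_ENV === 'production';
  console.log(label, '->', header, 'missing:', missingCookieFlags(header, { requireSecure }));
}
```

Running the block prints one Set-Cookie line per environment; the production line carries `HttpOnly; Secure; SameSite=Strict`, the development line omits `Secure` but keeps `HttpOnly` and `SameSite=Lax`. Flipping `COOKIE_SECURE` to `false` in the production sample makes `cookieOptionsFromEnv` throw, which is the behaviour you want from a startup check rather than a warning in a log.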

Acceptance Criteria: