Open kmturley opened 7 years ago
Some things to consider: https://github.com/angular/angular-cli/issues/3430 && https://github.com/angular/angular-cli/issues/6872
@kmturley
Inputs are sanitized/escaped (no XSS) DONE
File uploads are restricted to safe formats DONE - restricted on FE and in Storage Rules
CSP whitelist (only allow specific domains) DONE - had to add 'unsafe-inline' for CSS + 'unsafe-eval' for JS based on the articles @ankemp commented, then 'unsafe-inline' for JS because of CKEditor (WYSIWYG)
User/admin permissions are correct, no holes DONE
Firebase read/write rules are correct, no holes DONE
Firebase data schema is scalable (don't load whole lists at once, structure into separate lists) DONE
Application can scale on firebase hosting, email sending, uploads DONE -- email sending is via Gmail, so it is limited. Scaling email sending would require use of a third-party email service like Mailgun
Estimate costs at scale, compared to static hosting, and Python hosting TODO
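The CSP item above is the one on this checklist that deserves a second look: once `script-src` carries `'unsafe-inline'` and `'unsafe-eval'`, the policy no longer stops an injected `<script>` or an `eval()` of attacker-controlled text, so the "no XSS" item depends entirely on the escaping being right. The following is an added example, not code from the project or from anyone in this thread: a small CSP parser and audit that flags those source expressions in the effective `script-src`, treats `'unsafe-inline'` as harmless when a nonce or hash is also present (CSP Level 2 browsers ignore it then, which is the usual way to keep inline scripts working without opening the policy), and reports missing `object-src` and `base-uri`. The policy strings and the `cdn.example.com` hostname are constructed placeholders, not the project's real header.

```javascript
// Added example, not code from the project or this issue thread: parse a
// Content-Security-Policy header and flag the settings that undo its XSS
// protection. The policy strings are constructed for illustration; the
// hostname in them is a placeholder, not the project's real CDN.

// Source expressions that make script-src ineffective against injected script.
const RISKY_SCRIPT_SOURCES = new Set(["'unsafe-inline'", "'unsafe-eval'", '*', 'data:', 'http:', 'https:']);

// Directives a hardened policy should set explicitly: leaving object-src to
// the default allows plugin-based injection, and a missing base-uri lets an
// injected <base> tag redirect relative script URLs.
const REQUIRED_DIRECTIVES = ['object-src', 'base-uri'];

// Split a CSP header into { directiveName: [sourceExpression, ...] }.
// Directives are ';'-separated; tokens within a directive are whitespace-separated.
function parseCsp(header) {
  const policy = {};
  for (const part of header.split(';')) {
    const tokens = part.trim().split(/\s+/).filter(Boolean);
    if (tokens.length === 0) continue;
    const [name, ...sources] = tokens;
    const key = name.toLowerCase();
    // Browsers ignore a repeated directive; keep the first occurrence.
    if (!(key in policy)) policy[key] = sources;
  }
  return policy;
}

// script-src falls back to default-src when it is absent.
function effectiveScriptSources(policy) {
  return policy['script-src'] || policy['default-src'] || [];
}

function isNonceOrHash(source) {
  return /^'(nonce-|sha(256|384|512)-)/.test(source);
}

// Return a list of findings; an empty list means nothing obviously weak.
function auditCsp(header) {
  const policy = parseCsp(header);
  const findings = [];
  const scriptSources = effectiveScriptSources(policy);

  // Per CSP Level 2, 'unsafe-inline' in script-src is ignored by the browser
  // when a nonce or hash source is also present, so it is not a finding then.
  const ignoresUnsafeInline = scriptSources.some(isNonceOrHash);

  for (const src of scriptSources) {
    if (src === "'unsafe-inline'" && ignoresUnsafeInline) continue;
    if (RISKY_SCRIPT_SOURCES.has(src)) findings.push(`script-src allows ${src}`);
  }
  for (const name of REQUIRED_DIRECTIVES) {
    if (!(name in policy)) findings.push(`${name} is not set`);
  }
  return findings;
}

// Constructed sample: the shape of policy described in the thread, where
// 'unsafe-inline' and 'unsafe-eval' were added to script-src to keep a
// WYSIWYG editor and eval-based code working.
const WEAK_POLICY =
  "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.example.com; " +
  "style-src 'self' 'unsafe-inline'; img-src 'self' data:";

// Constructed sample: inline scripts carry a per-response nonce instead;
// 'unsafe-inline' stays only for browsers that predate nonces and is ignored
// by the rest; eval is not allowed; object-src and base-uri are pinned.
const HARDENED_POLICY =
  "default-src 'self'; script-src 'self' 'nonce-d41d8cd98f00' 'unsafe-inline' https://cdn.example.com; " +
  "style-src 'self' 'unsafe-inline'; img-src 'self' data:; object-src 'none'; base-uri 'self'";

console.log('weak:', auditCsp(WEAK_POLICY));
console.log('hardened:', auditCsp(HARDENED_POLICY));
```

Run it with Node against the header your server actually sends (copy it from the browser's network tab). The nonce in `HARDENED_POLICY` is a fixed placeholder; in a real deployment it must be freshly generated per response and placed on each inline `<script nonce="...">`, otherwise an attacker who can read the page can reuse it. `'unsafe-inline'` for `style-src` is left alone here because it is far less dangerous than for scripts, but it still allows CSS-based data exfiltration and is worth removing once the editor's styles are served from files.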
Getting some permissions errors now when I view the admin area:
Am I an admin?
@kmturley yes, you are a super-admin, but it says your account has not logged in yet? I've updated some of the admin functionality recently so you may have to re-login via /login
The paths you've listed should have /admin in front of them and a couple of them are invalid:
Need to check: