superskyyy / iqueensu-frontend Goto Github PK

as mentioned in title

Also, headerBar can be shrunk to a Hamburger like the one on Github Page, or leave it there when a mid-width being set. I will implement both ideas and see which one has a better usr experience.

Sass 包含variable功能可以有效的保证design中shared content（e.g. 颜色）（我也就想到了颜色比较repetitive） 的一致性。

最后一列Load那里的绿色Component说不定可以重复使用已经有的Component。 我晚点会把最新的code push上去。 比较麻烦的是里面的数据是从哪获取的，我查一下现在已有的api看有没有。

今天或者明天我会把写api的大概模板传上来，这样可以有个参考。

是不是可以结合redux 来记录每个带着的href。

https://media.discordapp.net/attachments/666711789412679708/700237880580112474/unknown.png

Now our pages are separated.

1. Send UUID to Detail page to fetch API data.
2. Render detail page based on the requested course.

This should be implemented within few lines of code change.

• API Key/ Secret + Timestamp ===> For public access APIs

• JWT Cookie Storage ===> All user login required APIs

• CSRF Token - Web Storage ===> Prevent CSRF attacks introduced by cookie storage, the JWT token is transmitted to back-end via cookie, not header since we cannot read cookie with JAVASCRIPT once it's set as HTTP only. Thus, CSRF attack is possible. We do not need to worry about XSS.

One possible method.

• Store JWT is an HTTP only cookie.
• In that JWT, store a hashed version of an XSRF token.
• Send the client the XSRF token when they sign in so they can store it in local storage
• Later when the client sends requests, the JWT is automatically sent with each request via cookies and then you also send the XSRF token via a header or query variable and on the server side, re-hash to compare to what’s in the JWT on the server

Possibly forgot password page.