Security Controls
Token Handling, Headers, CORS & CSRF Protection
1. Token Strategy
1.1 Token Types
Token
Purpose
Usage in OpenG2P
1.2 ID Token Handling
Usage Guidelines
1.3 Access Token Handling (Primary Security Token)
1.4 Token Storage (Cookie-Based Approach)
Cookie Configuration
1.5 Attribute Explanation
Attribute
Purpose
1.7 Design Rationale
Decision
Reason
2. Security Headers
2.1 Header Purpose
Header
Description
3. CORS Configuration
3.1 Allowed Origins
3.2 Credentials Support
Implications
4. CSRF Protection Mechanism
4.1 CSRF Token Cookie
4.2 Cookie Comparison
Cookie
HttpOnly
Purpose
4.3 Frontend Implementation
4.4 Backend Validation (in all APIs)
4.5 Security Model
5. Content Security Policy
6. End-to-End Flow (With Both Tokens)
Step-by-Step
7. Security Guarantees
Threat
Protection