I have a backend API, frontend JS web app, and a Google Chrome extension which uses an iframe to display the frontend web app.
I'm looking for someone who understands the following topics very well:
1. Cookies, SameSite, httpOnly, CORS
2. Nginx and reverse proxies
3. Web security issues around CSRF, XSS, etc.
My current setup allows the backend API to work well with the frontend JS web app. It uses an httpOnly cookie that the server uses to track the session.
My problem is when I try to present the frontend JS web app through an iframe.
I need help getting all this working correctly.
This may include helping me set up local development tools that will include setting up an NGINX proxy with SSL certs so I can set the SameSite value as None with Secure as true.
You should understand the above topics very well to bid on this project.
Thanks and good luck.