Hi everybody,
I’m new to this forum, so please don’t mind me not knowing any customs here.
I’m currently building a contact form in an astro/react frontend. When the user submits, a POST request is made to my strapi backend. A lifecycle hook then sends an email to my private mail address.
This all works fine. However, now that I got it to work, I’m starting to wonder how to secure this setup. I would like to make sure no malicious code gets run on the backend, so backend-side sanitization is a must for me. Additionally, I would like to protect against a centralised spam attack, probably with a sleep(300) or whatever is the thing you do in JavaScript land.
My questions:
- Are there best practices for how to secure user input in strapi?
- What does strapi already do and what MUST I do additionally?
- Any docu/tutorials/anything out there you could recommend for reading into security and input fields built with strapi?
For some input I would be more than thankful!
Cheers from Germany,
Max
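As an added example (not from the post above and not Strapi's own code), here is plain JavaScript showing the two controls the post asks about, server-side validation of the contact payload and a per-client rate limit, in the form a Strapi controller, middleware or beforeCreate hook could call. The field names `name`/`email`/`message`, the length caps and the `handleSubmission` wiring are assumptions.

```javascript
const LIMITS = { name: 100, email: 254, message: 5000 }; // assumed field names and caps
const EMAIL_RE = /^[^\s@]+@[^\s@]+\.[^\s@]+$/;          // coarse shape check, not full RFC 5322

// Validate the raw request body before anything is stored or mailed.
function validateContact(body) {
  if (!body || typeof body !== 'object') return { ok: false, errors: ['body: must be an object'] };
  const errors = [];
  for (const [field, max] of Object.entries(LIMITS)) {
    const v = body[field];
    if (typeof v !== 'string' || v.trim() === '') { errors.push(`${field}: required string`); continue; }
    if (v.length > max) errors.push(`${field}: longer than ${max} characters`);
    // name/email end up in mail headers (From, Reply-To, Subject); a CR/LF there
    // would let the sender append extra headers, so reject line breaks outright.
    if (field !== 'message' && /[\r\n]/.test(v)) errors.push(`${field}: line breaks not allowed`);
    if (field === 'email' && !EMAIL_RE.test(v)) errors.push('email: invalid format');
  }
  if (errors.length) return { ok: false, errors };
  return { ok: true, data: { name: body.name.trim(), email: body.email.trim(), message: body.message.trim() } };
}

// Escape user text before interpolating it into an HTML mail body or any HTML view,
// so the message is shown as text instead of being rendered as markup or script.
function escapeHtml(s) {
  return s.replace(/[&<>"']/g, (c) => ({ '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' }[c]));
}

// Fixed-window rate limiter keyed by client (e.g. the request IP): at most `max`
// submissions per `windowMs`; returns true when the request may proceed. In-memory,
// so it covers one Strapi process only; use a shared store (Redis) with several instances.
function createRateLimiter({ max, windowMs, now = Date.now }) {
  const buckets = new Map();
  return function allow(key) {
    const t = now();
    const b = buckets.get(key);
    if (!b || t - b.start >= windowMs) { buckets.set(key, { start: t, count: 1 }); return true; }
    b.count += 1;
    return b.count <= max;
  };
}

// Usage sketch (assumed): what a Strapi controller/middleware would do with the helpers above.
function handleSubmission(clientKey, body, allow) {
  if (!allow(clientKey)) return { status: 429, body: { error: 'too many requests' } };
  const result = validateContact(body);
  if (!result.ok) return { status: 400, body: { errors: result.errors } };
  const messageHtml = escapeHtml(result.data.message); // safe to place in an HTML mail body
  return { status: 200, body: { accepted: true, messageHtml } };
}
```

Rejecting the request with 400/429 is preferable to silently "cleaning" input, since the lifecycle hook never sees a payload that failed validation.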