I am building a basic cors proxy, And in one of the use cases I need to pipe request, so I thought of using pipe
with Request.js
as shown in below image
I am not so expert in security. Could someone list possible security Implications from the above code?
If you look closer, you will notice that your client's request is being sent to mysite.com (req.pipe(x);
). mysite.com can access your clients' cookies (they are sent along with the request headers). If it is a malicious website, they can use those cookies to imitate your users on your website. Think of it as giving someone your computer right after logging in to stackoverflow. They don't have to know your username and password to do stuff on stackoverflow after that. Giving your session cookies are basically the same thing.