Security and CSS?

Hi All,

I am currently making a simple website with social login integration on node.js with express. Very similar to the social auth challenges here on freecodecamp.

I may be overthinking, but are there any best practices for serving css for secure routes/pages?

Right now, I am making all css public via:

app.use('/css', express.static(process.cwd() + '/css'));

For routes that require authentication, is it a best practice to serve their css only when authentication is verified?

Thanks for any help!

Your overthinking it.

The most common practice is to provide a public folder that returns “static” assets, such as html,js,css,images. Right now I assume you have a folders of css, html,js. Id throw all of them into a single folder, and “serve” that folder to users.

You can secure these with middle-ware if you choose so. It depends on your application tho, if your application has a lot of “public” facing pages that require no authentication then it probably wont make sense.

But if your app is say a banking app, and the only page you can access without authentication is the login page, then you could use middleware to prevent access to the public folder, besides the login page and its assets.


Great, thanks for the reply, figured as much.

The site is 90% public facing, with an admin upload page locked behind a login.