In this chapter, you learned how to create a TLS certificate with NSS tools. You saw that the certificate can be quickly embedded into a Dart web server without extra effort on the developer's part.
We discovered how to secure the client side with the
HttpOnly special attributes of cookies to prevent the web browser from sending cookies via an insecure connection.
We used HSTS to prevent SSL man-in-the-middle attacks. We applied CSP to make sure that only allowed content can be loaded and used by the web browser. We also used CORS to specify what resources from our web server can be shared and why that solution is much better than JSONP. Finally, we embedded the CAPTCHA solution based on the free service reCAPTCHA from Google ...