Any security experts out there?
I’m building a multi-screen Dash app with several different forms, which results in different schemas being POSTed to the backend.
However, it looks like Dash is using a single endpoint for all backend calls - regardless of the originating form:
```python
self._add_url("_dash-update-component", self.dispatch, ["POST"])
```
My company uses a WAF product for securing backends for webapps.
The single URI kind of makes things messy with the WAF, as if I were to create a security policy for the Dash app that understands just the JSON schemas that I need for certain screens sending form data, I’m being forced to declare fields that are valid only for other screens.
Is there anything that I can do to provide finer control over the backend calls and how to differentiate them to different policies?
Thanks in advance
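
One way to get per-form policies behind the single endpoint, as an added example that is not part of the original post: each callback request body names its target in an `output` field, with the submitted values under `inputs` and `state`, so a validator can select a schema per callback. The component ids, limits and sample body are hypothetical.

```python
# Added example: per-callback allow-list for Dash's single callback endpoint.
# Component ids, limits and the sample body are hypothetical/constructed.
# One policy per callback, keyed by the "output" string of the request body.
# Each policy maps "component_id.property" -> (expected type, max length).
POLICIES = {
    "login-result.children": {
        "login-btn.n_clicks": (int, None),
        "username.value": (str, 64),
        "password.value": (str, 128),
    },
    "order-result.children": {
        "order-btn.n_clicks": (int, None),
        "quantity.value": (int, None),
        "notes.value": (str, 500),
    },
}

def check_dash_body(body):
    """Return (allowed, reason) for a parsed _dash-update-component body."""
    if not isinstance(body, dict):
        return False, "body is not a JSON object"
    output = body.get("output")
    policy = POLICIES.get(output) if isinstance(output, str) else None
    if policy is None:
        return False, "unknown callback output"
    fields = []
    for part in ("inputs", "state"):
        items = body.get(part, [])
        if not isinstance(items, list):
            return False, f"{part} is not a list"
        fields.extend(items)
    for item in fields:
        if not isinstance(item, dict):
            return False, "malformed field entry"
        key = f"{item.get('id')}.{item.get('property')}"
        if key not in policy:
            return False, f"{key} not allowed for {output}"
        expected, max_len = policy[key]
        value = item.get("value")
        if value is None:  # unset components arrive as null
            continue
        if type(value) is not expected:  # exact type: rejects bool for int
            return False, f"{key} has wrong type"
        if max_len is not None and len(value) > max_len:
            return False, f"{key} too long"
    return True, "ok"

# Constructed sample: an order-form field sent to the login callback.
CROSS_FORM = {"output": "login-result.children",
              "inputs": [{"id": "notes", "property": "value", "value": "x"}]}
```

The same check can run in a Flask `before_request` hook on `app.server`, and the `output` value is the natural match condition if the WAF can inspect JSON bodies.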