Protecting the client with browser-policy
Securing your database is pretty straightforward in Meteor, but what about client-side security? Meteor has you covered there as well, using standard Content-Security-Policy and X-Frame-Options safeguards. This recipe will walk you through adding the browser-policy package, and configuring basic client-side security.
Getting ready
We will create a brand new project as usual, but we will be keeping the default files, creating some unsafe scripting functionality along the way.
Scaffolding setup
In a terminal window, navigate to where your project root will be, and execute the following commands:
$ meteor create secure-client
$ cd secure-client
$ mkdir {client,server,both}
$ mv secure-client.* client/
$ meteor
Add CDN-hosted bootstrap
Visit the official Bootstrap Getting Started page, located at http://getbootstrap.com/getting-started/ and scroll to the section marked as Bootstrap CDN. Copy the contents from that section, and insert them into the <head...