Archive

May 7, 2018

by @Andrey Danau, Wallarm Research

If you are like many app developers, you may be using nginx or Apache as a proxy or a web server on the front end of your application. If you are on a tight schedule, it is tempting to tie authorization and data controls simply to the locations defined in the front end. Here lies a pitfall — due to a different treatment of the location path by the Java-based back-end and the front-end.…