I'm using envoy proxy between Go server with gRPC and my Flutter web app. I can use TLS between envoy and Go server, that's fine, but my concern is between envoy and my web app. How can I protect this connection? What is the best way?
There is no perfect solution currently. Only thing you can hope for is browsers to support GRPC. Current situation demands that you host proxy and web app on same server so that there is no external access. If proxy and web app are on different servers it depends on security of proxy provider.