Comment by t0astbread

There is the possibility of other programs making HTTP requests so you shouldn't assume trust on any request automatically. What you can do is give the browser a cookie once when your app starts which you then check on every request.

Oh and listen on 127.0.0.1, not 0.0.0.0. That way your app is not needlessly exposed to the network.