Storing tokens in single-page applications - DEV
https://dev.to/bjornlindholmdk/storing-tokens-in-single-page-applications-322k
A suggestion on where to store your secret tokens (for authentication) in single-page applications.
TLDR: if your client and server applications are served on the same domain, use HttpOnly cookies with the Secure, Domain and SameSite attributes set. JS running on the page will then not have access to the token at all, preventing certain classes of XSS.