DEV Community

loading...

Discussion on: Why Facebook's api starts with a for loop

Collapse
davis profile image
Davis

TLDR: use Auth Headers instead of cookies in your API and don't use script tags to call an API?? We shouldnt be looking at the hacks that giants use and instead use actual security improvements. CSP headers!

Collapse
antogarand profile image
Antony Garand Author

This was about 10 years ago, when CORS and CSP didn't exist