
re: How to securely store JWT tokens.

re: If you use CSP to block any inline-script/insecure-script and also enforce that only trusted JS files must be accepted: there's no issue about usin...
 

Also, a small comment: I personally think that the endpoints that are related to payments and generally sensitive account actions should require an extra login with a different authentication method, valid for one API call only (especially for payment API calls), and should be served in a page where only vanilla JavaScript written by the web application developers is used.
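
The step-up scheme suggested in the comment above, sketched server-side as an added example (not part of the original comment): a grant minted after a second authentication method, bound to one exact request and accepted once. The function names, claim names, demo key and in-memory replay set are all assumptions made for illustration.

```python
import base64, hashlib, hmac, json, secrets, time

KEY = secrets.token_bytes(32)   # demo signing key (assumption); keep real keys in a KMS
_used_jti = set()               # demo replay cache; production needs a shared store with TTL

def _sign(raw: bytes) -> bytes:
    return hmac.new(KEY, raw, hashlib.sha256).hexdigest().encode()

def issue_step_up(user, method, path, body: bytes, second_factor, ttl=60, now=None):
    """Mint a grant after the user passed `second_factor` (e.g. 'totp')."""
    now = time.time() if now is None else now
    claims = {
        "sub": user,
        "amr": second_factor,                     # how the extra login was done
        "act": f"{method} {path}",                # the one endpoint this grant covers
        "bh": hashlib.sha256(body).hexdigest(),   # binds the exact request body
        "jti": secrets.token_hex(16),             # unique id, consumed on first use
        "exp": now + ttl,
    }
    raw = json.dumps(claims, sort_keys=True).encode()
    return base64.urlsafe_b64encode(raw).decode() + "." + _sign(raw).decode()

def redeem_step_up(token, user, primary_method, method, path, body: bytes, now=None):
    """Validate and consume a grant. Returns (ok, reason)."""
    now = time.time() if now is None else now
    try:
        b64, sig = token.split(".")
        raw = base64.urlsafe_b64decode(b64)
        sig_bytes = sig.encode("ascii")
    except ValueError:
        return False, "malformed"
    if not hmac.compare_digest(sig_bytes, _sign(raw)):
        return False, "bad signature"
    c = json.loads(raw)
    if c["sub"] != user:
        return False, "wrong user"
    if c["amr"] == primary_method:                # must differ from the session login
        return False, "same auth method"
    if c["exp"] < now:
        return False, "expired"
    if c["act"] != f"{method} {path}" or c["bh"] != hashlib.sha256(body).hexdigest():
        return False, "different request"
    if c["jti"] in _used_jti:
        return False, "already used"
    _used_jti.add(c["jti"])                       # single use: burn the grant
    return True, "ok"
```
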
