loading...

re: How to securely store JWT tokens. VIEW POST

TOP OF THREAD FULL DISCUSSION
re: I don't know. That issue about leak the session can also be fixed with CSP, since you can block external communications too. I never use node modul...

So you suggest serving external js from another domain and set a CSP to disallow these scripts to access local storage or make ajax requests?

That’s correct. But if you serve external scripts through a CDN for example, and set a csp you are secure with the cookie implementation too. I may write a complementary article or extend this one at some point. Thanks for your feedback its really valuable!!!

code of conduct - report abuse