DEV Community

loading...

Discussion on: localStorage vs cookies: the "tabs vs spaces" sterile debate of web development 🙄

oguimbal profile image
Olivier Guimbal Author

You can mitigate this very easily. That's what CSPs are for.

Actually, it's much more easy and reliable than mitigating XSRF, given that you just have to do it once, and it does not require any code... (you can just put the right CSP in your CDN config)