DEV Community

Discussion on: Today's rabbit hole: securing JWTs for authentication, httpOnly cookies, CSRF tokens, secrets & more

Rahul Ahire • Edited

Really a great, detailed and elaborate article.

Hi @petrussola, I had a doubt about how to send an httpOnly cookie if that's not accessible by axios (JavaScript), and especially how to send it with the Authorization header.

  1. Can CSRF be mitigated by the SameSite=Strict attribute?
  2. Can you please share the GitHub link for this article if you have one? That would be more helpful for me to grasp all of these concepts.
Pere Sola

hey, thanks!

  1. I honestly would not be able to answer that question, I embarked on the journey but I am far from being an expert.
  2. Sure:

github.com/petrussola/url-shortene...
github.com/petrussola/url-shortene...

Auth is a very scary topic, and I am starting to explore other options as recommended by a JS / React expert: twitter.com/kentcdodds/status/1299...

Rahul Ahire • Edited

This cookie topic actually ate my head a lot for 4-5 days, but now I'm somewhat comfortable with it,
except for the point of httpOnly cookie vs Authorization header, or using both.

Technically it's quite easy to use an httpOnly cookie;
sadly there aren't many clear-cut tutorials on it. But I'm hopeful about it.