
Discussion on: Should RESTful API URL be clean (/api/:param)?

 
rhymes

HTTP-only cookies can't be read by JavaScript, yes, but if someone has physical access to your computer they might be the least of your worries :D

The content of the back and forth in the HTTP requests is going to be encrypted by the transport protocol if you use TLS, but your "network tab" is obviously going to be able to see the content of the request/response; the goal here is to encrypt it when it's traveling through the wire. If the browser weren't able to decrypt the transmission you wouldn't even see this comment I'm writing.

Hope this helps!