
re: How to secure JWT token in React?

re: The recommendation to not store the token in localStorage here is a tricky one. In most SPAs, JavaScript will need access to this token and there a...
 

Most of the resources on the Internet suggest storing the JWT in httpOnly cookies. But I am confused: if we store the JWT in httpOnly cookies, how can we perform AJAX API calls (that require authorization) using fetch or axios, since we cannot read httpOnly cookies? So, the only option is to store them in non-httpOnly cookies, which are almost at the same level if we consider XSS. Am I right?
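An added example, not part of the original comment: a simplified model of how a browser handles an HttpOnly cookie, showing that page script cannot read it while the browser still attaches it to outgoing requests. The cookie name `access_token`, the `CookieJar` class and the token value are constructed for illustration.

```javascript
// Added example: simplified model of browser HttpOnly handling.
// "access_token" and the token value are constructed placeholders.

// Server side: build the Set-Cookie header sent in the login response.
function buildSessionCookie(token) {
  return `access_token=${encodeURIComponent(token)}; HttpOnly; Secure; SameSite=Strict; Path=/`;
}

// Minimal stand-in for the browser's cookie jar (ignores Domain, Path, expiry).
class CookieJar {
  constructor() { this.cookies = new Map(); }

  // Called when a response carries Set-Cookie.
  store(setCookieHeader) {
    const [pair, ...attrs] = setCookieHeader.split(';').map((s) => s.trim());
    const eq = pair.indexOf('=');
    const httpOnly = attrs.some((a) => a.toLowerCase() === 'httponly');
    this.cookies.set(pair.slice(0, eq), { value: pair.slice(eq + 1), httpOnly });
  }

  // What page script sees through document.cookie: HttpOnly entries are hidden.
  scriptVisible() {
    return [...this.cookies]
      .filter(([, c]) => !c.httpOnly)
      .map(([name, c]) => `${name}=${c.value}`)
      .join('; ');
  }

  // What the browser attaches as the Cookie header on requests to the cookie's
  // site. fetch sends it same-origin by default; cross-origin calls need
  // credentials: 'include' (axios: withCredentials: true).
  requestHeader() {
    return [...this.cookies].map(([name, c]) => `${name}=${c.value}`).join('; ');
  }
}

// Server side: read the token back from the incoming Cookie header.
function tokenFromCookieHeader(header) {
  for (const part of header.split(';')) {
    const eq = part.indexOf('=');
    if (eq !== -1 && part.slice(0, eq).trim() === 'access_token') {
      return decodeURIComponent(part.slice(eq + 1).trim());
    }
  }
  return null;
}

function demo() {
  const jar = new CookieJar();
  jar.store('theme=dark; Path=/');
  jar.store(buildSessionCookie('header.payload.signature'));
  return { script: jar.scriptVisible(), server: tokenFromCookieHeader(jar.requestHeader()) };
}
```

Because the browser sends the cookie automatically, the API needs CSRF protection (the `SameSite` attribute used here, or an anti-CSRF token) in place of the `Authorization` header the script would otherwise set.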
