4 Matching Annotations
  1. Jun 2021
    1. In short: storing the token in HttpOnly cookies mitigates XSS being used to get the token, but opens you up to CSRF, while the reverse is true for storing the token in localStorage.
    2. I started off really wanting to use HttpOnly cookies
  2. May 2021