Liked a post on Twitter
Followed a tutorial and put JWTs in localStorage? If the guy behind UNPKG wanted to, he could inject code to JS requests and collect all of your users' JWTs. Same w/ any 3rd party scripts you use. 2B req/mo is a lot of tokens. I put that crap in signed, https, SameSite cookies.
Ryan Florence (@ryanflorence), Fri, 12 Mar 2021 18:02 GMT
This post was filed under likes.