Categories

JavaScriptPHPHTMLCssPythonWordPressWeb developmentLinuxMySQLAndroidWindowsJavaC++ / C#LayoutReactUbuntuYiiDjangoProgramming1C-BitrixLaravelSystem administrationTelegramJSONDebianPostgreSQLIOSGoogleHtaccessWindows ServerGitMacOSGoogle ChromeCMSWooСommerceBootstrapNginxSQLUnityAPI
Make a leaderReport
R
R
RusMits2018-10-19 18:50:18
API
RusMits, 2018-10-19 18:50:18

How to safely pass an api token to an authorized user for a browser extension?

It is necessary to pass the user token for the api to the browser extension if it is authorized on the site.
How to do it safely?
It turns out that we open it possible from any domain to send us requests and a "hacker" can send requests to our site on his site and receive a user token (if he is authorized on our site), thereby gaining full access to the user's data.

Reply
Answer the question

Answer the question

In order to leave comments, you need to log in

1 answer(s)
Report
X
xmoonlight, 2018-10-19
@xmoonlight

1. One
2. Two

Similar questions
C
cassln2014-10-29 12:39:12
Is it possible to get the user's groups, where he is an administrator, via the odnoklassniki.ru API? 1Reply
T
Taras Labiak2016-10-30 18:21:58
How to get the sender's wallet in Payeer? 0Reply
S
Shane Matte2016-10-31 11:13:35
How to make requests to VK api without authentication? 2Reply
S
sl1m_dogg2014-11-03 11:05:50
How to pay a client via PayPal API? 1Reply
D
Delakey Blackhole2016-11-01 13:15:57
ASP.NET Core must be slow? 1Reply

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question