JavaScript
Vlad, 2021-02-04 03:07:30

Should the token be protected?

Please tell me, is it necessary to somehow protect the token in such a scheme?
I'm creating a one-page site with a "get data" button and a token field.
And there is a third-party service with an API that issues an access token. This token must be inserted into Headers on every request.

To get data from this service, my user copies the token issued to him into a field on my site. I write this token in a cookie and send a normal fetch request to that service, extracting the token from the user's cookie.

So is it safe for the user? Or do I need to use some flags in the request?


1 answer(s)
0
0ffff0, 2021-02-04
@Vlad024

There is some interesting reading here about HttpOnly flags to protect your tokens from XSS attacks, SameSite and anti-CSRF tokens.
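The scheme from the question (token written to a cookie by page script, then sent in a header to the third-party API), sketched as an added example that is not part of the original question or answer. The cookie name `api_token`, the origin `https://api.example.com` and the `Authorization: Bearer` header format are assumptions; the page does not name them.

```javascript
// Assumed names (not from the original post): cookie "api_token",
// API origin https://api.example.com, header "Authorization: Bearer <token>".
const API_ORIGIN = 'https://api.example.com';
const COOKIE_NAME = 'api_token';

// Accept only characters that cannot break out of a cookie or header value.
function assertSafeToken(token) {
  if (typeof token !== 'string' || !/^[A-Za-z0-9._~+\/=-]{8,4096}$/.test(token)) {
    throw new Error('token has unexpected characters or length');
  }
  return token;
}

// Value for `document.cookie = ...`. HttpOnly is deliberately absent: browsers
// ignore it when a script sets the cookie, so this cookie stays readable by any
// script running on the page. Secure, SameSite and a short lifetime still apply.
function buildTokenCookie(token, maxAgeSeconds = 3600) {
  const value = encodeURIComponent(assertSafeToken(token));
  return `${COOKIE_NAME}=${value}; Path=/; Max-Age=${maxAgeSeconds}; Secure; SameSite=Strict`;
}

// Extract the token from a `document.cookie` string; null when absent.
function readTokenCookie(cookieString) {
  for (const part of cookieString.split(';')) {
    const [name, ...rest] = part.trim().split('=');
    if (name === COOKIE_NAME) return assertSafeToken(decodeURIComponent(rest.join('=')));
  }
  return null;
}

// Arguments for fetch(url, init). The token goes only to the expected origin,
// and no cookies or referrer are attached to the cross-origin request.
function buildApiRequest(path, token) {
  const url = new URL(path, API_ORIGIN);
  if (url.origin !== API_ORIGIN) throw new Error(`refusing to send token to ${url.origin}`);
  return {
    url: url.href,
    init: {
      method: 'GET',
      mode: 'cors',
      credentials: 'omit',
      referrerPolicy: 'no-referrer',
      headers: { Authorization: `Bearer ${assertSafeToken(token)}` },
    },
  };
}
```

In the page this would be used as `document.cookie = buildTokenCookie(token)` and `const r = buildApiRequest('/v1/data', readTokenCookie(document.cookie)); fetch(r.url, r.init)`, where `/v1/data` is a placeholder path.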
