Categories

JavaScriptPHPHTMLCssPythonWordPressWeb developmentLinuxMySQLAndroidWindowsJavaC++ / C#LayoutReactUbuntuYiiDjangoProgramming1C-BitrixLaravelSystem administrationTelegramJSONDebianPostgreSQLIOSGoogleHtaccessWindows ServerGitMacOSGoogle ChromeCMSWooСommerceBootstrapNginxSQLUnityAPI
Make a leaderReport
V
V
Vlad2021-02-04 03:07:30
JavaScript
Vlad, 2021-02-04 03:07:30

Should the token be protected?

Please tell me, is it necessary to somehow protect the token in such a scheme?
I'm creating a one-page site with a "get data" button and a token field.
And there is a third-party service with an API that issues an access token. This token must be inserted into Headers on every request.

To get data from this service, my user copies the token issued to him into a field on my site. I write this token in a cookie and send a normal fetch request to that service, extracting the token from the user's cookie.

So is it safe for the user? Or do I need to use some flags in the request?

Reply
Answer the question

Answer the question

In order to leave comments, you need to log in

1 answer(s)
Report
0
0ffff0, 2021-02-04
@Vlad024

There is some interesting reading here about HttpOnly flags to protect your tokens from XSS attacks, SameSite and anti-CSRF tokens.

Similar questions
U
unlik2015-03-20 00:01:49
How to backup a dump to a remote server? 2Reply
Y
Yrets1692021-03-22 15:59:27
How to properly pull from two mysql tables? 3Reply
T
The Dragger2015-04-03 11:25:21
Which image upload for Yii would you recommend? 4Reply
G
Grandma Luda2021-03-26 10:22:15
When creating an oval on a canvas I can move the oval, but when I create a second oval I can't move the first oval only the second one? 2Reply
F
Fotonick2016-06-23 23:04:35
How to update fragment after AsyncTask called by button in adapter? 4Reply

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question