I was recommending using CSP to defend from XSS if you MUST store the token in FE.

I read your statement as an implication for the SSO case that the FE or BE should persist the…
1
1
Travis Alpers
Damian Rusinek
·Follow
1 min read·
Jul 7, 2020
--
I was recommending using CSP to defend from XSS if you MUST store the token in FE.
But you are right, the idea of storing token in FE is a bad idea as such.
--
--
Written by Damian Rusinek125 Followers
·24 Following
Security Consultant @ Securing, PhD, Blockchain Security, Cryptography Protocols || Twitter: @drdr_zz
No responses yet
Help
Status
About
Careers
Press
Blog
Privacy
Terms
Text to speech
Teams