Friday 19 May 2017

Storing Tokens in the browser

The Question(s) =]

  • Based on my research, it seems like storing web tokens in local storage is the preferred method over using cookies in order to prevent CSRF attacks (I am aware that local storage is susceptible to XSS attacks, though these seem easier to prevent than CSRF). This being said, I have been unable to locate any relevant guides on utilizing local storage for this means...
  • I am looking for some help on understanding how the following works...
    1. What is the preferred method/workflow to pass a server-signed token to the browser's local storage?
    2. Once the browser stores the token, how do I then use that stored token?
      • Do I need to stop the default submission of things like forms via JS and then send AJAX requests with the authorization: Bearer <token> header with every request?
      • When a user clicks a link to a resource owned by that user, how do I send that token to server to grant access to the protected resource?

The Tools

  • Front-end
    • HTML5 (Compiled from Handlebars)
    • JS
    • CSS (Compiled from SASS)
  • Back-end
    • nodeJS (using Express)

NOTE: I hope to edit this post with code samples in the future (once I get the hang of it lol), to help other confused people like myself in the future



via canaan seaton
