Like of @ryanflorence's tweet · Jamie Tanna

Post details

Followed a tutorial and put JWTs in localStorage? If the guy behind UNPKG wanted to, he could inject code to JS requests and collect all of your users JWTs. Same w/ any 3rd party scripts you use. 2B req/mo is a lot of tokens. I put that crap in signed, https, SameSite cookies.
Ryan Florence (@ryanflorence)Fri, 12 Mar 2021 18:02 GMT

Sat, 13 Mar 2021 01:18 by Jamie Tanna . #web #security.

Also on:

This post was filed under likes.

Interactions with this post

Below you can find the interactions that this page has had using WebMention.

Have you written a response to this post? Let me know the URL:

Do you not have a website set up with WebMention capabilities? You can use Comment Parade.