Saving the token and other login credentials in localStorage is not safe. It can be compromised by CSRF or XSS. Along with the security improvement in #15, it will make JWT authentication safe.
- [x] Move sensitive data stored in localStorage to http-only cookie
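Added example (not this project's code) of what the checklist item looks like on the Spring side: the login endpoint issues the JWT as an HttpOnly cookie instead of handing it to the client for localStorage, and later requests read it back from the cookie. The controller, `JwtService`, and the cookie name `ACCESS_TOKEN` are assumed names; `Secure` and `SameSite=Strict` are set alongside `HttpOnly` because a cookie, unlike localStorage, is attached by the browser automatically, so the SameSite attribute is what limits cross-site (CSRF) use.

```java
// Added example, not the project's code. AuthController, JwtService and the
// cookie name "ACCESS_TOKEN" are assumptions for illustration.
import java.time.Duration;
import java.util.Optional;
import jakarta.servlet.http.Cookie;
import jakarta.servlet.http.HttpServletRequest;
import org.springframework.http.HttpHeaders;
import org.springframework.http.ResponseCookie;
import org.springframework.http.ResponseEntity;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RequestBody;
import org.springframework.web.bind.annotation.RestController;
import org.springframework.web.util.WebUtils;

@RestController
public class AuthController {
    static final String COOKIE_NAME = "ACCESS_TOKEN"; // assumed cookie name
    private final JwtService jwtService;              // assumed: signs a JWT for valid credentials

    public AuthController(JwtService jwtService) { this.jwtService = jwtService; }

    @PostMapping("/login")
    public ResponseEntity<Void> login(@RequestBody LoginRequest req) {
        String jwt = jwtService.issue(req.username(), req.password());
        ResponseCookie cookie = ResponseCookie.from(COOKIE_NAME, jwt)
                .httpOnly(true)              // invisible to document.cookie, so XSS cannot read it
                .secure(true)                // only sent over HTTPS
                .sameSite("Strict")          // not attached to cross-site requests (CSRF)
                .path("/")
                .maxAge(Duration.ofHours(1)) // keep in step with the JWT's own expiry
                .build();
        return ResponseEntity.ok().header(HttpHeaders.SET_COOKIE, cookie.toString()).build();
    }

    @PostMapping("/logout")
    public ResponseEntity<Void> logout() {
        // Overwrite with an already-expired cookie so the browser discards the token.
        ResponseCookie expired = ResponseCookie.from(COOKIE_NAME, "")
                .httpOnly(true).secure(true).sameSite("Strict").path("/").maxAge(0).build();
        return ResponseEntity.ok().header(HttpHeaders.SET_COOKIE, expired.toString()).build();
    }

    /** Token for the current request; callers must still verify signature and expiry. */
    static Optional<String> tokenFrom(HttpServletRequest request) {
        Cookie c = WebUtils.getCookie(request, COOKIE_NAME); // null when no such cookie was sent
        return Optional.ofNullable(c).map(Cookie::getValue).filter(v -> !v.isEmpty());
    }

    record LoginRequest(String username, String password) {}
    interface JwtService { String issue(String username, String password); }
}
```

The browser-side login code then no longer touches the token at all; it only needs to send requests with credentials enabled so the cookie is attached.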
Reference
Spring http-only cookie (Korean)