Open tenkus47 opened 2 months ago
I was going through some API docs and methods for securing APIs, and found out that generally the tokens related to an API are sent using cookies, which is more secure than normal GET request data or storing the token in localStorage, because cookies are not accessible to JavaScript directly and by default perform CORS restriction too.
with user-prefs token
without user-prefs token
@Karma-Tsering test https://kharagedition.com/product/tibetan-ai-bot if it works or not?
Kharagedition is still working
Description
This document outlines the proposed changes to the application architecture to transmit tokens via cookies rather than sending them in the loader GET request. The motivation for this change is to enhance performance and follow suggested best practices.
Completion Criteria
Steps
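An added example, not part of the issue or the project's code: a cookie is hidden from page script only when it is set with `HttpOnly`, so this sketch builds a hardened `Set-Cookie` value for a token, audits headers for missing attributes, and flags tokens left in a URL query string. The function names, the cookie name `token` and the `app.example` URL are assumptions made for illustration.

```javascript
// Hypothetical helpers for moving a token from the request URL into a cookie.

// Build a Set-Cookie header value for a token.
function buildTokenCookie(name, value, maxAgeSeconds) {
  return [
    `${name}=${encodeURIComponent(value)}`,
    'Path=/',
    `Max-Age=${maxAgeSeconds}`,
    'HttpOnly',     // not readable through document.cookie
    'Secure',       // only sent over HTTPS
    'SameSite=Lax', // withheld from cross-site subrequests and cross-site POSTs
  ].join('; ');
}

// Return the hardening attributes a Set-Cookie header value is missing.
function auditSetCookie(header) {
  const attrs = header.split(';').slice(1).map((a) => a.trim().toLowerCase());
  const findings = [];
  if (!attrs.includes('httponly')) findings.push('missing HttpOnly');
  if (!attrs.includes('secure')) findings.push('missing Secure');
  const sameSite = attrs.find((a) => a.startsWith('samesite='));
  if (!sameSite) findings.push('missing SameSite');
  else if (sameSite === 'samesite=none') findings.push('SameSite=None');
  return findings;
}

// Return query parameter names that look like credentials. Values in a URL
// end up in server logs, browser history and Referer headers.
function tokenParamsInUrl(url) {
  const sensitive = /(^|[-_])(token|jwt|session|auth|key)$/i;
  return [...new URL(url).searchParams.keys()].filter((k) => sensitive.test(k));
}

// Constructed sample inputs.
const hardened = buildTokenCookie('token', 'abc.def', 3600);
const weak = 'token=abc.def; Path=/';
const loaderUrl = 'https://app.example/loader?token=abc123&page=2';

console.log(hardened);
console.log(auditSetCookie(hardened), auditSetCookie(weak));
console.log(tokenParamsInUrl(loaderUrl));
```

Because the browser attaches cookies to requests automatically, state-changing routes still need CSRF protection; `SameSite` is one layer of that, not a replacement for it.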