Closed srflaxu40 closed 5 years ago
Make an httponly cookie from Node and get rid of storing anything of value in localStorage or sessionStorage. This is bad, because it can be vulnerable to XSS forgery.
https://blog.codinghorror.com/protecting-your-cookies-httponly/
http://scottksmith.com/blog/2014/09/04/simple-steps-to-secure-your-express-node-application/
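
The change requested above, sketched as an added example (not part of the original issue and not the project's code): a server-side session cookie built with `HttpOnly`, next to a small audit that flags `Set-Cookie` headers missing that protection. The function names, the `sid` cookie name and the sample session id are assumptions made for illustration.

```javascript
// Serialize a session cookie whose value page scripts cannot read.
function buildSessionCookie(name, value, maxAgeSeconds) {
  return [
    `${name}=${encodeURIComponent(value)}`,
    'Path=/',
    `Max-Age=${maxAgeSeconds}`,
    'HttpOnly',        // not exposed through document.cookie
    'Secure',          // only sent over HTTPS
    'SameSite=Strict', // not attached to cross-site requests
  ].join('; ');
}

// Parse one Set-Cookie header into { name, value, attrs }; attribute names are lower-cased.
function parseSetCookie(header) {
  const [pair, ...rest] = header.split(';').map((s) => s.trim()).filter(Boolean);
  const eq = pair ? pair.indexOf('=') : -1;
  if (eq < 1) throw new Error('malformed Set-Cookie: missing name=value');
  const attrs = {};
  for (const part of rest) {
    const i = part.indexOf('=');
    const key = (i === -1 ? part : part.slice(0, i)).toLowerCase();
    attrs[key] = i === -1 ? true : part.slice(i + 1);
  }
  return { name: pair.slice(0, eq), value: pair.slice(eq + 1), attrs };
}

// List the protections a Set-Cookie header is missing (empty list = nothing flagged).
function auditSetCookie(header) {
  const { attrs } = parseSetCookie(header);
  const findings = [];
  if (!attrs.httponly) findings.push('missing HttpOnly');
  if (!attrs.secure) findings.push('missing Secure');
  const sameSite = String(attrs.samesite || '').toLowerCase();
  if (sameSite !== 'strict' && sameSite !== 'lax') findings.push('SameSite not Strict/Lax');
  return findings;
}

// Constructed sample value. A real session id is an opaque random string
// (for example from crypto.randomBytes) that the server maps to the user.
const sessionId = 'constructed-sample-session-id';
const hardened = buildSessionCookie('sid', sessionId, 3600);
const weak = `sid=${sessionId}; Path=/`; // no flags: readable by any script on the page

console.log('hardened:', auditSetCookie(hardened));
console.log('weak:    ', auditSetCookie(weak));
```

In a Node handler the hardened string is sent with `res.setHeader('Set-Cookie', hardened)`, and the browser then attaches the cookie to requests without the client code ever holding the token.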