SPAs were a mistake - eviltoast
  • 520@kbin.social
    11 months ago

    Basically it means that the API calls won’t work in a browser and would only realistically work in things like Python scripts.

    If API calls are being handled by JavaScript in the browser, they’re going to run into issues, because the HttpOnly flag means the JavaScript code can’t read the auth token.

    Things like Python scripts have no such limitations though, so this can be used in cases where you aren’t expecting an actual browser.
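An added example, not part of the comment above: a small Python model of what the HttpOnly flag changes, comparing the script-visible `document.cookie` string with the `Cookie` header an HTTP client attaches to a later request. The header values and function names are constructed for illustration, and path, domain and `Secure` matching are left out.

```python
from http.cookies import SimpleCookie

# Constructed Set-Cookie header values (sample data, not from a real service).
SET_COOKIE_HEADERS = [
    "auth=tok_EXAMPLE; HttpOnly; Secure; Path=/",
    "theme=dark; Path=/",
]


def parse_set_cookie(headers):
    """Return {name: (value, httponly)} from raw Set-Cookie header values."""
    jar = {}
    for header in headers:
        parsed = SimpleCookie()
        parsed.load(header)
        for name, morsel in parsed.items():
            # morsel["httponly"] is True when the flag is present, "" otherwise.
            jar[name] = (morsel.value, bool(morsel["httponly"]))
    return jar


def document_cookie(jar):
    """Model of document.cookie: HttpOnly cookies are hidden from page script."""
    return "; ".join(f"{n}={v}" for n, (v, httponly) in jar.items() if not httponly)


def request_cookie_header(jar):
    """Model of the Cookie header on a later request: the HTTP layer attaches
    every stored cookie, HttpOnly ones included (scope matching omitted)."""
    return "; ".join(f"{n}={v}" for n, (v, _httponly) in jar.items())


if __name__ == "__main__":
    jar = parse_set_cookie(SET_COOKIE_HEADERS)
    # A non-browser client reads the raw headers, so it sees the token value.
    print("raw client view :", jar)
    print("document.cookie :", document_cookie(jar))
    print("Cookie header   :", request_cookie_header(jar))
```
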