SPAs were a mistake - eviltoast
  • gornius@lemmy.world
    link
    fedilink
    arrow-up
    25
    ·
    11 months ago

    Then again, cookie auth is vulnerable to CSRF. Pick your poison.

    Although CSRF protection just adds a minor inconvenience, while there is never a guarantee your code is XSS vulnerability free.