Y
Hacker News
new
|
ask
|
show
|
jobs
by
iaaacdev
3032 days ago
As long as you protect against CSRF attacks (I do not know anything about passport.js), cookie authentication is okay provided the API is not going to be consumed by external sites.