Y
Hacker News
new
|
ask
|
show
|
jobs
by
thdrdt
2397 days ago
Yes, but when the server does not send the token as cookie the only option is to store it with JavaScript. And yes, that also means (any) JavaScript can access the token.