by abetlen
2315 days ago
I think you're mistaken on point one; sites that use localStorage to store tokens are not in general susceptible to CSRF attacks [1]. The reason is that separate domains can't access each other's sessionStorage or localStorage in the browser. In fact that's one of the advantages of using the DOM storage APIs over sessions/cookies [2].

1. https://stackoverflow.com/a/35347022

2. https://youtu.be/WlmKwIe9z1Q?t=3658
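The mechanism the comment above describes, as an added example that is not part of the original comment: a toy model of a browser in which cookies are attached to a request by its target while localStorage is readable only by the page's own origin. The `ToyBrowser` class, the origins and the credential values are constructed for illustration, and the cookie is assumed to carry no SameSite restriction.

```javascript
// Toy model, constructed for illustration: not a real browser API.
class ToyBrowser {
  constructor() {
    this.cookies = new Map(); // target origin -> cookie string
    this.storage = new Map(); // page origin -> that origin's localStorage
  }
  localStorageFor(origin) {
    if (!this.storage.has(origin)) this.storage.set(origin, new Map());
    return this.storage.get(origin);
  }
  // A page on pageOrigin sends a request to targetOrigin.
  // buildHeaders is the page's script; it is handed only its own origin's storage.
  request(pageOrigin, targetOrigin, buildHeaders) {
    const headers = buildHeaders(this.localStorageFor(pageOrigin));
    // Cookies are ambient: chosen by target, whoever initiated the request
    // (assumption: no SameSite restriction on the cookie).
    if (this.cookies.has(targetOrigin)) headers.cookie = this.cookies.get(targetOrigin);
    return { headers };
  }
}

const APP = 'https://app.example';     // hypothetical site the user is logged in to
const OTHER = 'https://other.example'; // hypothetical unrelated site

// Two server-side checks for the same state-changing endpoint.
const cookieAuth = (req) => req.headers.cookie === 'sid=s3ss10n';
const bearerAuth = (req) => req.headers.authorization === 'Bearer t0k3n';

// Script run by both pages: send whatever token the page's own storage holds.
const withStoredToken = (store) =>
  store.has('token') ? { authorization: `Bearer ${store.get('token')}` } : {};

function runScenario() {
  const browser = new ToyBrowser();
  browser.cookies.set(APP, 'sid=s3ss10n');            // cookie-based login
  browser.localStorageFor(APP).set('token', 't0k3n'); // token-based login
  const firstParty = browser.request(APP, APP, withStoredToken);
  const crossOrigin = browser.request(OTHER, APP, withStoredToken);
  return {
    firstPartyCookie: cookieAuth(firstParty),
    firstPartyBearer: bearerAuth(firstParty),
    crossOriginCookie: cookieAuth(crossOrigin), // ambient credential still arrives
    crossOriginBearer: bearerAuth(crossOrigin), // other origin has no token to send
  };
}

console.log(runScenario());
```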