Hacker News new | ask | show | jobs
by galaxyLogic 2023 days ago
IKs there a good simple way to keep it secret?

I assume someone could have a look at the JavaScript on the browser and see hey this must be the secret stored here because it is passed to the server on every request. Then write there XSS attack to use that.
1 comments
feanaro 2017 days ago
The secret would have to be non-static (not baked into the code).
link