by bpicolo
1952 days ago
As the others said - XSS. Stored XSS can still be a vulnerability with secure cookies, but locally stored tokens are a dramatically easier thing to take advantage of as an attacker, as they can just exfiltrate the token and hit your APIs with it. For web browsers, cookie-based auth solves a ton of browser-specific problems that history has spent a long time building up answers for.