Y
Hacker News
new
|
ask
|
show
|
jobs
by
evrflx
499 days ago
With an XSS exploit it is game over, you control the browser. Adding more complexity and opening up the possibility of CSRF exploits with BFF does not look like a good trade off to me.
1 comments
TobbenTM
499 days ago
You don’t open up for CSRF attacks if you use same site cookies, which I guess is part of why this pattern is seeing more use now.
link