minus-squareimmortaly007@feddit.nltoProgrammer Humor@lemmy.ml•SPAs were a mistakelinkfedilinkarrow-up1·11 months agoIt’s a security thing. The HttpOnly cookie can’t be stolen using XSS or something like that, while a bearer token must be stored somewhere where javascript can see it. linkfedilink
It’s a security thing. The HttpOnly cookie can’t be stolen using XSS or something like that, while a bearer token must be stored somewhere where javascript can see it.