as shown in the title:
because the front and rear ends are separated from each other, jwt is used as a token to save user information.
token is easy to be attacked by XSS when placed in localstorage, so I thought of using httpOnly"s cookie to save token information.
but the front and back end is cross-domain, and the back-end set-cookie has no effect. It"s stuck here right now. I hope the boss can help solve it
you can use session, to store session in redis to share
one. The separation of front and back ends should not be cross-domain. If cross-domain, api requests will also cause problems. Therefore, the backend should first set the allowed domain name.
2, in fact, it is as easy to be attacked by XSS in localStorage as it is in cookie, so don't expose too sensitive information. We obtain jwt, in the return process, and then the frontend gets the token, frontend control in the return process and puts it in the cookie or localStorage. Generally, the backend does not control the frontend.
Cookie cookie = new Cookie("token","XXXXX");
cookie.setHttpOnly(true);
//
cookie.setPath("*.baidu.com");what does token have to do with xss attacks?
the requirement is 010203 = > [01JEI 02jue 03] to write a regular "010203 ". Split (regular) = [01J 02pr 03] how do you write this? (0 [1-9] | (1 [0-2])) + g.test ( 0122 ) Why true is returned here. I want to match the number between 01 and 12....
< H2 > Development < H2 > ...
The common problem with is that the server does not allow the front end to cross-domain, right? I know that it is a cross-domain problem, but the leaders do not know, please give some explanatory suggestions, it is also good to share the pot, thank you....
< H2 > question < H2 > want to add a shopping cart table, let users add items to the shopping cart, click settlement to generate the order, but do not know how to design and associate < H2 > reference < H2 > the link I referenced https: blog....
< H2 > problem, want to find out a data set similar to Taobao shopping cart < H2 > A user has a shopping cart, there are multiple stores under one shopping cart, and there are multiple items under one store linked table query 1. Check out the shop...
if you have a question, you can only enter the regular format of "Chrme,Safari,Firefox ". ...
Can or some boss give me an empty template? Save it and then write your own style and so on! ...
preg_match( var ori_head_img_url = "(.*?)"; ,$content,$biz); "||"MjM5MjAxNDM4MA== MjM5MjAxNDM4MA== ...
I don t know much about how to call the interface from the front and back end, but I don t know how to explain it. I ll simulate a project to illustrate my problem. now we have a project, the front end is developed with vue, the back end is develop...