Is JWT's token really safe?

What if the JWT token exists in localStorage and is obtained through an XSS attack, so that cross-site forged requests can be made to send illegal requests to the server? Or can you add another AES request to the token? I don't know much about JWT just now.

Dec.22,2021

The token generated by JWT is not encrypted. Its function is to ensure the credibility of the data and prevent it from being tampered with. The security of the token itself needs other technologies to ensure it.

For example, the cross-site attacks you are worried about can be prevented by storing the token in a cookie. But there are other dangers with cookies, such as cross-site request forgery (CSRF), so other security measures are needed to prevent CSRF; but if the API needs CSRF protection, it will cause other problems.

Token security can be ensured by adding encryption and more verification conditions.

These require you to know more about these security means, and then decide which to use according to your needs and costs.

The TOKEN is added to the HEADER and HTTPS is used to communicate. Is there any security risk?
Location of JWT storage: Cookies and HTML5 Web Storage
