1 Matching Annotations
- Oct 2021
-
github.com github.com
-
So if I just forward the cookie header (which contains the access-token), wouldn't that be just what I am not supposed to do. I mean what's the point of using 'HttpOnly' flag if I return the token to the client-side js on every request.
-