7 Matching Annotations
  1. Nov 2022
    1. But what about a Refresh Token flow? When using a refresh token, confidential clients also have to authenticate. Public clients, such as browser-based applications, do not authenticate during the Refresh Token flow. So in a typical frontend application, refresh tokens issued to frontend web applications are bearer tokens. In practice, this means that if an attacker manages to steal a refresh token from a frontend application, they can use that token in a Refresh Token flow. To counter such attacks, the OAuth 2.0 specifications mandate that browser-based applications apply a security measure known as refresh token rotation.
  2. Apr 2022
    1. This is not a path I'd recommend for small-to-medium-sized teams, but if you're inside a large organization committed to making SPAs with high walls between front-end and back-end departments, it might make sense.
  3. Feb 2021
    1. Now let me ask you, do you write JS for a single page application differently from a "traditional" web application? I sure hope you do! In a "traditional" application, you can get away with being sloppy because every time the user navigates to a new page, their browser destroys the DOM and the JavaScript context. SPAs, though, require a more thoughtful approach.
    2. Turbolinks is a Single-Page Application. Turbolinks doesn't just give you some of the benefits of a single-page app. Turbolinks is a single page app. Think about it: When someone visits your site, you serve them some HTML and JavaScript. The JavaScript takes over and manages all subsequent changes to the DOM. If that's not a single-page app, I don't know what is.
    3. Our app is mostly about displaying pages of static information. We crunch a lot of data to generate a single error report page.
    4. Honeybadger isn't a single page app, and it probably won't ever be. SPAs just don't make sense for our technical requirements.
  4. Nov 2020
    1. So, how does an SPA work? JavaScript loads in the browser and loads data from an API. Most of the rendering is done on the client side. But search engine bots have a hard time indexing the page because it doesn't have much without JS.