• 2020-07-23
  • 6 minutes

Understanding CORS and SOP bypass techniques

CORS, which stands for Cross-Origin Resource Sharing, is a system designed to help ‘bypass’ some of the restrictions introduced by the Same Origin Policy (SOP prevents JavaScript code from interacting with resources from other origins). Basically, CORS lets us define a set of ‘rules’ to specify which origins can read responses from our server. By default no […]
  • 2020-03-27
  • 4 minutes

Auth Token in LocalStorage

Getting right to the point: storing a token in LocalStorage is insecure. It’s getting more and more common to use token-based authentication, especially on Single Page Applications (SPA) that need to communicate with an API. That is a good thing, and I really like the idea of JWT tokens. Why localStorage is bad: Well, when […]
