From 1beef2905c4e11c63f5d450c0a98d75f5dcc1f3a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Mateo=20Carriqu=C3=AD?= Date: Thu, 15 Jul 2021 14:38:04 -0300 Subject: [PATCH] Fixed grammar in jwt-in-cookies.md --- docs/usage/jwt-in-cookies.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/usage/jwt-in-cookies.md b/docs/usage/jwt-in-cookies.md index 9cb5bb0..245e3b8 100644 --- a/docs/usage/jwt-in-cookies.md +++ b/docs/usage/jwt-in-cookies.md @@ -1,4 +1,4 @@ -Highly recommended using JWT in cookies, if your frontend interacts with the backend, your frontend may be storing JWT in the browser localStorage or sessionStorage. There is nothing wrong with this, but if you have any sort of XSS vulnerability on your site, an attacker will be able to trivially steal your tokens. If you want some additional security on your site, you can save your JWT in an httponly cookies. Which keeps javascript cannot be able to access the cookies. +Highly recommended using JWT in cookies, if your frontend interacts with the backend, your frontend may be storing JWT in the browser localStorage or sessionStorage. There is nothing wrong with this, but if you have any sort of XSS vulnerability on your site, an attacker will be able to trivially steal your tokens. If you want some additional security on your site, you can save your JWT in an httponly cookies. Which keeps javascript unable to access the cookies. Here is a basic example of how to store JWT in cookies: