Syed Mehdi R.
Reputation: 56
How to hide user jwt from browser inspect on Api request header
As a frontend developer, I have to send the token inside request header.
When I make api calls from web app frontend (lets assume REST Api), anyone can see it from browser inspect including the Api request headers having Authorization as well. Screenshot attached
Which is obviously very simple for anyone to gain access to our server. I want to know how do website developers tackle this when you have to send the token inside request header and not in cookies?
As a frontend developer if I have to send the token inside request header and not in cookies.
Upvotes: 0
Views: 122
Answers (0)
Related Questions
- How to manually send HTTP POST requests from Firefox or Chrome browser
- Where to store JWT in browser? How to protect against CSRF?
- Passing JWT in request header not working in groovy script
- Send jwt to API in request header from Reactjs frontend
- How can I insert jwt token needed for api authentication in api request header?
- How to store jwt token in localStorage and send it back to the server with header in express?
- How to automatically send JWT token collected in previous request in Postman
- JWT: how to handle GET requests when user opens a new tab?
- JWT not sent when loading url directly from browser address bar