William
Reputation: 171
Does same site cookie/bearer token make same origin policy obsolete?
Same origin policy exists to prevent other pages steal the cookie or other sensitive information to attack the victim website. But now, we have same site cookies and local storage to for auth tokens that works on per site/origin basis, are there any remaining use cases for origin policy?
Upvotes: 0
Views: 13
Answers (0)
Related Questions
- Where to store the refresh token on the Client?
- Access token and Refresh token best practices ? How to implement Access & Refresh Tokens
- Why Same-origin policy isn't enough to prevent CSRF attacks?
- Confused with Same Origin Policy of Browsers
- Cross site scripting attacks and same origin policy
- Without Same Origin Policy could an evil site read the CSRF token?
- How do HttpOnly cookies work with AJAX requests?
- What can "Same Origin Policy" buy us?