top | item 42857263 (no title) evrflx | 1 year ago With an XSS exploit it is game over, you control the browser. Adding more complexity and opening up the possibility of CSRF exploits with BFF does not look like a good trade off to me. discuss order hn newest TobbenTM|1 year ago You don’t open up for CSRF attacks if you use same site cookies, which I guess is part of why this pattern is seeing more use now.
TobbenTM|1 year ago You don’t open up for CSRF attacks if you use same site cookies, which I guess is part of why this pattern is seeing more use now.
TobbenTM|1 year ago