Good job 👍
As always, unique questions with great answers,
I appreciate your efforts and I hope you can continue with this series, because it's really filling important knowledge gaps :))
In the beginning you mention sending JWT tokens over via a header to your backend. Later on you mention storing the JWTs in an HTTP-only cookie, since cookies are sent over on every request. What is considered best practice? Extract the token from the cookie on the frontend and place it in an authorisation header? Or send the cookies over to the backend and let the backend extract the token from the cookie?
Literally answered at 1:38
Storing JWT in Local Storage is vulnerable, and choosing to store it in HTTP-only is more secure.
thanks
The deployment question part is so difficult for mid level 😐😐😐