decode() doesn't verify the authenticity of the jwt (the server secret)
Opened this issue · 0 comments
tomasdrgon commented
decode() doesn't verify the authenticity of the jwt from localStorage (in index.js), so PrivateRoutes might be accessible with a forged jwt