Fastboot best practice
ChoffaH opened this issue · 1 comments
ChoffaH commented
When I use this library with Fastboot the page first renders without any authentication, as expected when it's rendered on the server, then after a second restores the state.
My question is if it's safe to use the CookieStore for this plugin? I did read somewhere that the refresh token should not be stored in the cookie store.
Or is there some other better way to handle this?
fenichelar commented
@ChoffaH Depends on your specific security requirements. You would definitely want to implement CSRF tokens if you use the cookie store.