[deleted]

Sounds like you already have the CORS handled then.

For cookies you wanna set the 'secure' and 'http-only' flags. You also want to use a key to cryptographically sign any of the cookies so you know you attached them and not an attacker. HMAC is considered the best practices protocol for key generation.
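
An added example, not part of the comment above: a server-side sketch in Python's standard library that tags a cookie value with HMAC-SHA256, verifies it on the way back in, and emits the cookie with the Secure and HttpOnly attributes. The helper names, the `session` cookie name and the `value.tag` layout are assumptions made for illustration; the key here comes from `secrets.token_bytes`.

```python
import base64
import hashlib
import hmac
import secrets
from http.cookies import SimpleCookie

# Server-side secret. Generated at import for this demo (assumption: a real
# deployment loads a stable key from a secret store instead).
SIGNING_KEY = secrets.token_bytes(32)


def b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def mac(name: str, value: str, key: bytes) -> bytes:
    # The cookie name is part of the MAC input, so a tag issued for one
    # cookie does not verify under a different cookie name.
    return hmac.new(key, f"{name}={value}".encode(), hashlib.sha256).digest()


def sign_value(name: str, value: str, key: bytes = SIGNING_KEY) -> str:
    """Return 'b64(value).b64(tag)' (layout chosen for this example)."""
    return f"{b64(value.encode())}.{b64(mac(name, value, key))}"


def verify_value(name: str, signed: str, key: bytes = SIGNING_KEY):
    """Return the original value, or None if malformed or altered."""
    try:
        enc_value, enc_tag = signed.split(".")
        value = unb64(enc_value).decode()
        tag = unb64(enc_tag)
    except ValueError:  # wrong field count, bad base64, or invalid UTF-8
        return None
    # Constant-time comparison avoids leaking how many tag bytes matched.
    return value if hmac.compare_digest(tag, mac(name, value, key)) else None


def build_set_cookie(name: str, value: str, key: bytes = SIGNING_KEY) -> str:
    """Build the Set-Cookie header value with Secure and HttpOnly set."""
    cookie = SimpleCookie()
    cookie[name] = sign_value(name, value, key)
    cookie[name]["secure"] = True    # only sent over HTTPS
    cookie[name]["httponly"] = True  # not readable from document.cookie
    return cookie[name].OutputString()
```

The tag gives integrity only: the value is still readable by the client, so nothing secret belongs in it.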