In terms of security, all API calls should be using HTTPS and there is little difference in putting the token in headers or as part of the query string. Do beware that the token should be filtered in the logs.
Killing CORS Preflight Requests on a React SPA
Damon Aw
1177
I would be wary about this advice.
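The log filtering mentioned in the quoted passage, as an added example that is not part of the original article or the comment above. It masks a token in both places it can be logged: the request target and Referer URL of an access-log line, and a headers object. The parameter names, header names and sample log line are assumptions constructed for illustration.

```javascript
// Added example. Parameter and header names are assumptions; use your API's own.
const SENSITIVE_PARAMS = new Set(["token", "access_token", "api_key"]);
const SENSITIVE_HEADERS = new Set(["authorization", "cookie", "x-api-key"]);
const MASK = "[REDACTED]";

// Mask sensitive query-string values in one URL or request target.
// Works on the raw string so the rest of the URL is logged unchanged.
function redactUrl(rawUrl) {
  const q = rawUrl.indexOf("?");
  if (q === -1) return rawUrl;
  const hash = rawUrl.indexOf("#", q);
  const end = hash === -1 ? rawUrl.length : hash;
  const pairs = rawUrl.slice(q + 1, end).split("&").map((pair) => {
    const eq = pair.indexOf("=");
    const rawName = eq === -1 ? pair : pair.slice(0, eq);
    let name = rawName;
    try {
      // Catch percent-encoded spellings such as %74oken.
      name = decodeURIComponent(rawName.replace(/\+/g, " "));
    } catch {
      // Malformed escape: compare the raw name instead.
    }
    return SENSITIVE_PARAMS.has(name.toLowerCase()) ? `${rawName}=${MASK}` : pair;
  });
  return rawUrl.slice(0, q + 1) + pairs.join("&") + rawUrl.slice(end);
}

// Mask every URL-like field in an access-log line (request target and Referer).
function redactLogLine(line) {
  return line.replace(/[^\s"]+\?[^\s"]*/g, (url) => redactUrl(url));
}

// Mask credential headers before a header object is logged.
function redactHeaders(headers) {
  return Object.fromEntries(
    Object.entries(headers).map(([k, v]) =>
      [k, SENSITIVE_HEADERS.has(k.toLowerCase()) ? MASK : v])
  );
}

// Constructed sample line in combined log format.
const SAMPLE = '203.0.113.7 - - [01/Jan/2024:00:00:00 +0000] ' +
  '"GET /api/items?token=abc123&page=2 HTTP/1.1" 200 512 ' +
  '"https://app.example/view?token=abc123" "Mozilla/5.0"';

console.log(redactLogLine(SAMPLE));
console.log(redactHeaders({ Authorization: "Bearer abc123", Accept: "application/json" }));
```

The filter has to run in every component that records the URL (reverse proxy, application logger, error reporter), since each one writes its own copy.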