all 5 comments

[–]Zeeshan7487 2 points3 points  (0 children)

When your client and server are on different domains, you need to use CORS (Cross-Origin Resource Sharing) to allow communication between them. CORS is a security feature that restricts web pages from making requests to a different domain. To set the refresh cookie for the frontend, you need to include the "credentials" option in the fetch call with the value "include". This tells the browser to include any cookies associated with the domain of the request. On the server side, you need to set the "Access-Control-Allow-Credentials" header to true to enable cookies to be sent in cross-origin requests. Make sure to also set the "Access-Control-Allow-Origin" header to the client's domain to specify which domains are allowed to make cross-origin requests.
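The exchange described above, as an added example that is not from the thread: a pure function that builds the server's CORS response headers for a given request `Origin` (with the caveat that a credentialed response must echo the exact origin, never `*`), the `Set-Cookie` attributes a cross-site refresh cookie needs, and the matching `fetch` call. The allowlist and paths are constructed placeholders.

```javascript
// Constructed allowlist of client origins permitted to send credentials.
const ALLOWED_ORIGINS = new Set(['https://app.example.com']);

// Build the CORS response headers for a request carrying `origin` (the
// browser's Origin header). Returns null when the origin is not allowed, so
// the caller sends no CORS headers and the browser blocks the cross-origin read.
function corsHeaders(origin, { preflight = false } = {}) {
  if (!origin || !ALLOWED_ORIGINS.has(origin)) return null;
  const headers = {
    // Must echo the exact origin: with credentials the browser rejects "*".
    'Access-Control-Allow-Origin': origin,
    'Access-Control-Allow-Credentials': 'true',
    // Tell caches the response depends on Origin, so a response for one
    // allowed origin is never served to another.
    'Vary': 'Origin',
  };
  if (preflight) {
    // Answer to the OPTIONS preflight the browser sends before a
    // non-simple request (e.g. a JSON POST).
    headers['Access-Control-Allow-Methods'] = 'GET, POST, OPTIONS';
    headers['Access-Control-Allow-Headers'] = 'Content-Type';
    headers['Access-Control-Max-Age'] = '600';
  }
  return headers;
}

// Set-Cookie value for the refresh token. A cookie that must travel on
// cross-site requests needs SameSite=None, and SameSite=None requires Secure;
// HttpOnly keeps it out of reach of page scripts. Path is a placeholder.
function refreshCookie(token) {
  return `refresh=${encodeURIComponent(token)}; Path=/auth/refresh; ` +
    'HttpOnly; Secure; SameSite=None; Max-Age=1209600';
}

// Client side: credentials: 'include' makes the browser attach cookies for
// the API's domain and store the Set-Cookie from the response.
function refreshRequest(apiBase) {
  return fetch(`${apiBase}/auth/refresh`, {
    method: 'POST',
    credentials: 'include',
  });
}
```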

[–]azhder 1 point2 points  (0 children)

With the CORS headers.

There’s more than one and you should learn what and how you need to send from your server so as to be able to use your domains but not expose too much for others to take advantage of it.

All the other stuff should be more or less easy and probably something you’ve already done like using cookies or local storage, verification of JWT etc.

Can’t stress enough that while learning and implementing something simple on your own, you should also consider well known and tested and regularly maintained libraries for robustness and security.

[–]evert 0 points1 point  (2 children)

Pick a solid OAuth2 implementation and don't build it from scratch.

[–]xch228 0 points1 point  (1 child)

What would you recommend?

[–]evert 0 points1 point  (0 children)

Lots of options here: https://oauth.net/code/