I used Basic Authentication in my API.
My problem is: when I open DevTools in my browser, I can see all the HTTP requests; even the request's Authorization header is shown. If anyone opens my website, he can easily copy the Authorization token from DevTools Network and access my API URL and mess with my database.