I am using the Django Rest Framework for my backend and React for my front end; they are served on different domains and subdomains, and now I am completely confused about what I should do to secure my APIs from XSS and CSRF attacks. I wish to use simple-JWT for the application, but my research showed that it is vulnerable to XSS. And if I store the tokens in HTTP-only cookies, they can't be accessed on the front end to add them to the Authorization header, and it would be like using sessions. What should I do? And what is the best practice for securing APIs?

I also used the dj-rest-auth package, but it was a little bit tricky; if someone has used this module, it would be great to hear about their experience. I would be glad to hear your suggestions.

  • This question is similar to: Where to store JWT in browser? How to protect against CSRF?. If you believe it’s different, please edit the question, make it clear how it’s different and/or how the answers on that question are not helpful for your problem. Commented Jul 28, 2024 at 9:37
  • You know, I didn't get my answer and I just became more confused. I need someone to explain it entirely and give me some examples or code. @ChukwujiobiCanon Commented Jul 28, 2024 at 9:53
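
An added example (not from the question, its comments, or any answer on this page) of the pattern the question is circling: keep the JWT in an HttpOnly cookie so page scripts cannot read it, and defeat CSRF by binding a random token into the JWT as a claim that the front end must echo back in a request header. It uses only the Python standard library; `SECRET_KEY`, the cookie name `access_token`, the header name `X-CSRF-Token`, the dict-shaped `request` and the `login_response` helper are all constructed for the example and are not simple-JWT or dj-rest-auth APIs.

```python
"""Added example: JWT in an HttpOnly cookie plus a CSRF claim, standard library only."""
import base64
import hashlib
import hmac
import json
import secrets
import time
from typing import Optional, Tuple

# Constructed for the example; a real deployment loads a long random key from settings.
SECRET_KEY = b"example-signing-key-not-for-production"
ACCESS_TTL = 900  # access-token lifetime in seconds
UNSAFE_METHODS = {"POST", "PUT", "PATCH", "DELETE"}


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_token(user_id: str, now: Optional[int] = None) -> Tuple[str, str]:
    """Return (jwt, csrf_token). The CSRF token is a claim inside the signed JWT,
    so the server can verify it later without storing anything server-side."""
    now = int(time.time()) if now is None else now
    csrf_token = secrets.token_urlsafe(32)
    header = {"alg": "HS256", "typ": "JWT"}
    payload = {"sub": user_id, "iat": now, "exp": now + ACCESS_TTL, "csrf": csrf_token}
    signing_input = ".".join(
        _b64url(json.dumps(part, separators=(",", ":")).encode()) for part in (header, payload)
    )
    signature = hmac.new(SECRET_KEY, signing_input.encode(), hashlib.sha256).digest()
    return f"{signing_input}.{_b64url(signature)}", csrf_token


def verify_token(token: str, now: Optional[int] = None) -> Optional[dict]:
    """Check signature, algorithm and expiry; return the claims or None."""
    parts = token.split(".")
    if len(parts) != 3:
        return None
    signing_input = f"{parts[0]}.{parts[1]}"
    expected = hmac.new(SECRET_KEY, signing_input.encode(), hashlib.sha256).digest()
    try:
        if not hmac.compare_digest(expected, _b64url_decode(parts[2])):
            return None
        header = json.loads(_b64url_decode(parts[0]))
        claims = json.loads(_b64url_decode(parts[1]))
    except (ValueError, UnicodeDecodeError):
        return None
    if header.get("alg") != "HS256":  # the header never gets to choose the algorithm
        return None
    now = int(time.time()) if now is None else now
    if not isinstance(claims.get("exp"), int) or claims["exp"] <= now:
        return None
    return claims


def login_response(user_id: str, now: Optional[int] = None) -> dict:
    """What a login endpoint sends back: the JWT in an HttpOnly cookie (invisible to
    page scripts, so an XSS payload cannot exfiltrate it) and the CSRF token in the
    JSON body, which the React app keeps in memory and sends as a header."""
    token, csrf_token = issue_token(user_id, now)
    cookie = f"access_token={token}; HttpOnly; Secure; Path=/; Max-Age={ACCESS_TTL}; SameSite=Lax"
    return {"headers": {"Set-Cookie": cookie}, "body": {"csrf_token": csrf_token}}


def authenticate(request: dict, now: Optional[int] = None) -> Optional[str]:
    """Per-request server check. `request` is a constructed stand-in with 'method',
    'cookies' and 'headers' keys. Returns the authenticated user id or None."""
    token = request.get("cookies", {}).get("access_token")
    if not token:
        return None
    claims = verify_token(token, now)
    if claims is None:
        return None
    if request.get("method", "GET").upper() in UNSAFE_METHODS:
        # The browser attaches the cookie to a forged cross-site request automatically,
        # but the header is only present when the front end's own code added it.
        sent = str(request.get("headers", {}).get("X-CSRF-Token", ""))
        if not hmac.compare_digest(sent.encode(), str(claims.get("csrf", "")).encode()):
            return None
    return claims["sub"]


if __name__ == "__main__":
    resp = login_response("42")
    jwt_cookie = resp["headers"]["Set-Cookie"].split(";")[0].split("=", 1)[1]
    forged = {"method": "POST", "cookies": {"access_token": jwt_cookie}, "headers": {}}
    legit = dict(forged, headers={"X-CSRF-Token": resp["body"]["csrf_token"]})
    print("forged POST:", authenticate(forged), "| legitimate POST:", authenticate(legit))
```

In a DRF project this check would live in a custom authentication class rather than a free function. The CSRF token travels in the response body rather than a second cookie so the pattern still works when the React app cannot read cookies set by the API domain. If the API and the app are on different subdomains of one site, `SameSite=Lax` lets the cookie flow; if they are on entirely different registrable domains, the cookie must be `SameSite=None; Secure` and the API needs a CORS allow-list with credentials enabled, and the header check above is then what stops forged cross-site calls.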