evrflx
1y ago
With an XSS exploit it is game over, you control the browser. Adding more complexity and opening up the possibility of CSRF exploits with BFF does not look like a good trade-off to me.
TobbenTM
1y ago
You don’t open up for CSRF attacks if you use SameSite cookies, which I guess is part of why this pattern is seeing more use now.