Skip to content
Better HN
Top
Best
Ask
Show
New
Jobs
Search
⌘K
0 points
evrflx
1y ago
0 comments
Save
Share
With an XSS exploit it is game over, you control the browser. Adding more complexity and opening up the possibility of CSRF exploits with BFF does not look like a good trade off to me.
0 comments
1 comments · 1 top-level
top
newest
oldest
TobbenTM
1y ago
You don’t open up for CSRF attacks if you use same site cookies, which I guess is part of why this pattern is seeing more use now.
j
/
k
navigate · click thread line to collapse
