Is it less secure to return CSRF token in response body vs response cookie (header)?

前端未结

关注

 0  959

Is it any less secure to return a csrf-token via res.json(), than returning via res.cookie()?

My project configuration is set as follows:

Domains:


                      
              相关标签: