Commit 17559fb

Author: Tomas Micko (committed)
Commit message: Update README
1 parent 8bab0bd, commit 17559fb

File tree: 1 file changed, +9 -1 lines changed

README.md

Lines changed: 9 additions & 1 deletion
@@ -91,4 +91,12 @@ on every load of the SPA. This function makes a decision based the query string
9191
);
9292
}
9393
```
94-
Note: This is just a simplified example. The timeout has to be cleared properly (before every refresh, or before logout).
94+
Note: This is just a simplified example. The timeout has to be cleared properly (before every refresh, or before logout).
95+
96+
## Cookie Security
97+
98+
- `SameSite=Strict` cookies are sent to APIs, which cannot be sent from malicious sites
99+
- to ensure that only precise whitelisted origins can send cookies to APIs, a `token-handler-version: 1` header is
100+
sent by this library on every request to the OAuth Agent. In cross-origin deployments this ensures that a CORS pre-flight
101+
request authorizes access. SPA developers may be required to send this header to token handler proxies as well (refer
102+
to the token handler proxy documentation for details).
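Review bot: the first bullet (line 98) is ambiguous as written; "cookies are sent to APIs, which cannot be sent from malicious sites" reads as though the APIs are what cannot be sent. State the protection explicitly, for example "the browser does not attach `SameSite=Strict` cookies to cross-site requests, so a malicious site cannot call the APIs with the user's session", and add that `SameSite` is scoped to the registrable domain, so the guarantee assumes no untrusted content is served from sibling subdomains. The second bullet (lines 99-102) should also make clear that the `token-handler-version: 1` header only forces the CORS pre-flight; whether access is then authorized depends on the OAuth Agent's CORS policy checking the `Origin` header against the whitelist, so that configuration requirement belongs next to this sentence rather than being implied by "ensures". Minor: the two blank lines after `## Cookie Security` (lines 97 and 98) can be reduced to one, and the two bullets should use consistent capitalization.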
