How to use httpOnly secure cookies in Ruby on Rails with devise-jwt

Описание: While sending JWTs via the auth header may work for your application, sometimes it won't and we need the extra security against XSS provided by cookies. In this episode, I explore how to set and use cookies instead of sending back the JWT in our response body (to be set by localStorage) and explain the advantages and disadvantages of each.

🤯 Support on Patreon
  / davidwparker  
https://www.buymeacoffee.com/davidwpa...

⏱️ Timestamps:
00:00 - Introduction
00:55 - README
01:25 - devise-jwt-cookie
02:40 - user and other changes required
04:20 - other changes (non- cookie related)

💌 Newsletter:
https://www.programmingtil.com/

🪐Elsewhere:
Twitter:   / davidwparker  
Twitter:   / programmingtil  
GitHub: https://github.com/davidwparker

💭Concepts:
Use httpOnly secure cookies instead of localStorage for our devise JWT tokens

📚Resources:
https://github.com/davidwparker/progr...
https://github.com/davidwparker/devis...
https://github.com/scarhand/devise-jw...

🎬 Subscribe!
http://bit.ly/subdavidwparker

My name is David W Parker and I’m creating and publishing videos on ProgrammingTIL to help teach anyone and everyone who wants to code. I’m a huge fan of Ruby on Rails, Svelte, TailwindCSS, and WebGL. I’ve used React a lot in the past, as well as some Vue and AngularJS. I’ve done some professional Python and Django. I like to create real applications and my tutorials will walk you through how to build something real from beginning-to-end.

#ruby #rails #rubyonrails