Hacker News
new
|
past
|
comments
|
ask
|
show
|
jobs
|
submit
login
evrflx
23 days ago
|
parent
|
context
|
favorite
| on:
Keycloak, Angular, and the BFF Pattern
With an XSS exploit it is game over, you control the browser. Adding more complexity and opening up the possibility of CSRF exploits with BFF does not look like a good trade off to me.
TobbenTM
23 days ago
[–]
You don’t open up for CSRF attacks if you use same site cookies, which I guess is part of why this pattern is seeing more use now.
Join us for
AI Startup School
this June 16-17 in San Francisco!
Guidelines
|
FAQ
|
Lists
|
API
|
Security
|
Legal
|
Apply to YC
|
Contact
Search:
