We want to migrate the browser cookies to redux. An explanation why we decided is in ENG-4347 and on Notion. We do the migration on the client after setting the cookie to httpOnly: false on the keyserver. This is normally not recommended because of XSS, but if our end goal is moving the cookie to redux, it will be accesible to js anyway, so there shouldn't be any issue with this. If the attacked can execute any js on the client they can still make authenticated calls to the keyserver/services (for services we keep commAccessToken in redux anyway).
Details
Details
- Reviewers
inka kamil atul - Commits
- rCOMMa16031408fec: [web] Migrate cookies to redux
Run the migration, check if the cookie was stored in redux
Diff Detail
Diff Detail
- Repository
- rCOMM Comm
- Lint
Lint Not Applicable - Unit
Tests Not Applicable
Event Timeline
Comment Actions
Rebase
Added check for null cookie (this should only happen if someone in modyfying cookies directly)