Was browsing Amazon Prime and found all the episodes of Laugh-In. Spent MUCH longer than I should have refreshing memories of that show.
A human being should be able to change a diaper, plan an invasion, butcher a hog, navigate a ship, design a building, write a sonnet, balance accounts, build a wall, set a bone, comfort the dying, take orders, give orders, cooperate, act alone, solve equations, analyze a new problem, pitch manure, program a computer, cook a tasty meal, fight efficiently, die gallantly. Specialization is for insects! - Lazarus Long
Some people recommend local storage (or session storage). Others proclaim it's a terrible idea, because it could be stolen by XSS or a compromised CDN script.
The only other option appears to be a cookie. But if you need to access that from your SPA script, it can't be marked as "HTTP only", so the same XSS / compromised CDN script could steal it just as easily. And if it's sent automatically on every request to the API, then you're open to XSRF.
The client can't trust the server. The server can't trust the client. Neither of them can trust the pipe between them. And those of us who are supposed to make it all work keep getting distracted by the latest shiny framework that's supposed to fix everything, so long as you don't look too closely at the security implications.
The solution is simple: we just need to - OH LOOK! A SQUIRREL!
"These people looked deep within my soul and assigned me a number based on the order in which I joined." - Homer