How identityserver3 token can be protected -
could please me clarify token related questions?
i have implemented https way through, question when token granted can see under chrome developer tool , redirection url, means if hacked computer can use too? have checked fiddler , can't see token there.
the web api has cors implemented, works fine in browsers origins not listed requests denied. problem retrieved access token chrome, used fiddler compose request , worked fine, got around cors check , returned results, expected have request denied.
thanks in advance!
- yes
- cors applies browsers , ajax requests
Comments
Post a Comment