2.1.3.5 Security in the Frontend
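• JWT Storage:
  • Store tokens in HTTP-only cookies or in localStorage (with caution: any script running on the page, including one injected through XSS, can read localStorage).
  • Include them in Authorization headers for subsequent API calls (a token held in a cookie is attached by the browser instead).
• CSRF Protections:
  • If using cookies, consider CSRF tokens or the SameSite cookie attribute.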
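
The two storage options above lead to different request code, shown here as an added example that is not part of the original page. It assumes a cookie named `session` for the JWT, and a double-submit CSRF scheme in which the server sets a script-readable `csrf_token` cookie and compares it with an `X-CSRF-Token` header; all three names are hypothetical.

```javascript
// Added example. Cookie names "session" and "csrf_token" and the header
// "X-CSRF-Token" are assumptions, not names from the original page.
// Server side: attributes to set on the cookie that carries the JWT.
function buildSessionCookie(jwt, maxAgeSeconds) {
  return [
    `session=${encodeURIComponent(jwt)}`,
    'HttpOnly',        // not readable through document.cookie
    'Secure',          // sent over HTTPS only
    'SameSite=Strict', // not attached to cross-site requests
    'Path=/',
    `Max-Age=${maxAgeSeconds}`,
  ].join('; ');
}

// Read one value from a document.cookie-style string; null if absent.
function readCookie(cookieString, name) {
  for (const part of cookieString.split(';')) {
    const [key, ...rest] = part.trim().split('=');
    if (key === name) return decodeURIComponent(rest.join('='));
  }
  return null;
}

const SAFE_METHODS = new Set(['GET', 'HEAD', 'OPTIONS']);
// Build fetch() options for either storage strategy.
function buildRequestInit({ method = 'GET', body, strategy, token, cookieString = '' }) {
  const init = { method: method.toUpperCase(), headers: {} };
  if (body !== undefined) {
    init.headers['Content-Type'] = 'application/json';
    init.body = JSON.stringify(body);
  }
  if (strategy === 'bearer') {
    // Token read from localStorage by the caller: send it explicitly.
    if (!token) throw new Error('no token available');
    init.headers.Authorization = `Bearer ${token}`;
    init.credentials = 'omit'; // no cookies, so no CSRF token needed
  } else if (strategy === 'cookie') {
    // HttpOnly cookie: script cannot read the JWT, the browser attaches it.
    init.credentials = 'same-origin';
    if (!SAFE_METHODS.has(init.method)) {
      const csrf = readCookie(cookieString, 'csrf_token');
      if (!csrf) throw new Error('missing CSRF token, refusing request');
      init.headers['X-CSRF-Token'] = csrf;
    }
  } else {
    throw new Error(`unknown strategy: ${strategy}`);
  }
  return init;
}
```

In a browser, the caller would pass `document.cookie` as `cookieString` and hand the returned object to `fetch()`.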