“Once you had your JWT token saved to the browser’s cookie, your requests to the server will automatically include that cookie in the headers.”
So I really believed the only thing I needed to do, which apparently sounds really challenging, was attaching my token to the cookie, and the browser would take care of the rest.
But I have spent hours, in hope and also in frustration, trying to understand WHY all the requests that I wrote – getAll() to retrieve the database or insertDish() to add a dish to the database – just don’t include my cookie. Thus, I, or my server to be exact, cannot validate if the request is valid and authenticate the user trying to get around the web.
So there, that’s on my TODO from now until the end of the day tomorrow. I have learned quite a lot about requests and responses (which is a 100% improvement over myself last week, to be frank). I realized that I know nothing about web security, and I’m exposing my code to threats. Yet, that doesn’t matter. I need to create my child first, and then I’ll think about protecting it. Now, since my child is still in the womb, the only person I need to protect is myself.