Dropbox API Support & Feedback
Find help with the Dropbox API from other developers.
Sorry I'm still quite new to web development, but it seems like I wouldn't be able to save the access code into an httponly cookie. I've read that Angular has a way of sending cookies for requests that are only coming from my domain, which would deal with CSRF while the httponly deals with XSS.
https://stormpath.com/blog/where-to-store-your-jwts-cookies-vs-html5-web-storage
Therefore in order to maintain user session, and keep them logged in across multiple sessions, is to save it into localStorage? Is this right or is there another way?
If I do save it into localStorage, I would need to be very careful about XSS attacks, particularly code libraries that could be potentially compromised?
Any advice, even just a good article for reference, would be greatly appreciated!
The API v2 Dropbox JavaScript SDK does not handle access token storage automatically. It is left to the developer to decide what makes sense for their app/platform.
The API v2 Dropbox JavaScript SDK does not handle access token storage automatically. It is left to the developer to decide what makes sense for their app/platform.
Hi there!
If you need more help you can view your support options (expected response time for a ticket is 24 hours), or contact us on X or Facebook.
For more info on available support options for your Dropbox plan, see this article.
If you found the answer to your question in this Community thread, please 'like' the post to say thanks and to let us know it was useful!