Commit de2ad7a

Docs
1 parent d5d8c7b commit de2ad7a

1 file changed

+2
-1
lines changed
README.md

+2-1
@@ -143,7 +143,8 @@ Please see [CONTRIBUTING](CONTRIBUTING.md) for details.
143143
### Security
144144

145145
Since the Session Key and X-CSRF-TOKEN could be read by the JavaScript code, that means it's less secure than a usual
146-
http-only Cookie. Think of this as of the Bearer token. The security impact is exactly the same.
146+
http-only Cookie. But since we have different domains for the API and WEB, we don't have a way to setup a cookie.
147+
You can think of this as of the Bearer token. The security impact is exactly the same.
147148

148149
If you discover any security related issues, please email [email protected] instead of using the issue tracker.
149150
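Review bot: The sentence added at new line 146 ("we don't have a way to setup a cookie") gives the reason in absolute terms, and the section still never says what "less secure" means in practice. A cookie can be set by the API domain for cross-site requests if it is marked SameSite=None; Secure and the client sends credentials, although browser third-party cookie blocking makes that unreliable, so a wording such as "we cannot rely on a cookie" would be more accurate. Since the text keeps the claim that the Session Key and X-CSRF-TOKEN are readable by JavaScript, it would help to state the consequence directly: any script running on the web origin, including one injected through XSS, can read and reuse them, which is the Bearer token exposure the next line refers to. Minor wording: "setup a cookie" should be "set up a cookie", and "think of this as of the Bearer token" reads better as "think of this as a Bearer token".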
