I wonder why the user credential is included in the request body when I authenticate the user's JWT with using passport?
I suppose it's not safe to include the credential in the request ? How can i exclude it?
Asked
Active
Viewed 30 times
0
-
As long as you're using HTTPS, it's safe. Ultimately if you need to provide a credential it must be somewhere in the request. – Alejandro Dec 13 '22 at 16:01