I am new to Nuxt.js and am having an authentication problem. I hope you guys can have a look.

I am using the nuxt-auth module of Nuxt.js. When I log in, it saves the JWT created from the cookie to the dev console. This makes the site vulnerable to XSS attacks. People can read the JWT in the dev console, as in the picture below.

What I tried to fix this was setting the login response sent back from the server with the set-cookie to HttpOnly. But then nuxt-auth cannot read it. So my question is:

Is there a better authentication solution for Nuxt.js? Or
what is the best practice for using nuxt-auth?

Any help would be much appreciated, as this is a very serious security issue for my application.

Below is what I found when looking for a solution, but I still cannot get it:

Nuxtjs: How to use HttpOnly Cookies for Nuxt-Auth strategy
https://github.com/nuxt-community/auth-module/issues/142