Novu · 2mo ago
Prateek

Why Novu Web Widget stores auth_token in local storage?

I don't understand why Novu Web Widget needs to store the auth token for APIs like /feed, /unread etc. in local storage. This is not a good practice, since someone running a malicious script in any app (where we are using Novu Widget) can copy local storage contents to their server. The Novu token then allows the attacker to access all notification data of the subscriber. Is there a way where the web widget can avoid local storage altogether, or is the only approach to have our own implementation of the Novu web widget?
3 Replies
Pawan Jain · 2mo ago
@Prateek Are you using @novu/notification-center or @novu/react ?
Prateek (OP) · 2mo ago
@novu/notification-center
Pawan Jain · 2mo ago
Hey Prateek, I have shared the issue with the team. @novu/notification-center indeed stores tokens in local storage. We have launched a new inbox component, @novu/react, which is compatible with @novu/framework based workflows. In this new component, we are using memory to store the token, so it is not available in local storage. If you are not looking to migrate to the new inbox component, I would recommend that you build a custom in-app component using hooks from @novu/notification-center.
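The two storage approaches discussed in this thread, as an added example that is not part of the thread and is not Novu's code: a token held only in memory next to an audit that lists Web Storage keys holding token-like values. The `FakeStorage` stand-in, the key names, the helper names and the sample token are all constructed, and the audit assumes the token is JWT-shaped, which the thread does not state.

```javascript
// Added example, not Novu code. Key names, token value and helper names are constructed.
// Stand-in for window.localStorage so the example runs under Node.
class FakeStorage {
  constructor() { this.map = new Map(); }
  get length() { return this.map.size; }
  key(i) { return [...this.map.keys()][i] ?? null; }
  getItem(k) { return this.map.has(k) ? this.map.get(k) : null; }
  setItem(k, v) { this.map.set(k, String(v)); }
}

// Token kept only in a closure: nothing is written to Web Storage, so it is
// lost on reload and does not show up when storage is enumerated.
function createMemoryTokenStore() {
  let token = null;
  return {
    set(value) { token = value; },
    authHeaders() { return token ? { Authorization: `Bearer ${token}` } : {}; },
    clear() { token = null; },
  };
}

// Defensive audit: report storage keys whose value contains a JWT-shaped string
// (assumption: the credential is a JWT; adjust the pattern for other formats).
const JWT_RE = /eyJ[A-Za-z0-9_-]{5,}\.[A-Za-z0-9_-]{5,}\.[A-Za-z0-9_-]*/;
function findTokenLikeKeys(storage) {
  const hits = [];
  for (let i = 0; i < storage.length; i++) {
    const key = storage.key(i);
    if (JWT_RE.test(storage.getItem(key) ?? "")) hits.push(key);
  }
  return hits.sort();
}

// Constructed scenario: one widget persists its token, the other keeps it in memory.
function demo() {
  const sampleJwt = "eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJzdWJzY3JpYmVyLTEifQ.c2lnbmF0dXJl";
  const storage = new FakeStorage();
  storage.setItem("theme", "dark");
  storage.setItem("widget_auth", JSON.stringify({ token: sampleJwt }));
  const mem = createMemoryTokenStore();
  mem.set(sampleJwt);
  return { flagged: findTokenLikeKeys(storage), headers: mem.authHeaders() };
}
```

In a browser, `findTokenLikeKeys(window.localStorage)` and `findTokenLikeKeys(window.sessionStorage)` run the same audit against the real stores.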