'Why does firebase store access token in index DB for flutter web?

I realized firebase auth for flutter web stores the user's access token in index DB. I thought this is not safe. I understand the access token must be persistent to maintain the authentication state. But based on the research I made here and here, I understood storing access tokens in local storage, session storage, and index DB are all vulnerable to XSS attacks therefore httpOnly cookies should be used instead.

firebaseflutterfirebase-authenticationflutter-web


Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow

Solution Source

Related Questions

ADB exited with exit code 1

ADB exited with exit code 1

Flutter: wasm streaming compile failed: TypeError: Could not download wasm module

How to add integer as default/initial value for TextFormField in flutter?

How to highlight correct word on searchDelegate?

Xcode build is missing expected TARGET_BUILD_DIR build setting

Generic callback with generic class as parameter in Dart

How to not dispose of previous widget when navigating to a new widget in Flutter?

Unhandled Exception: type 'Null' is not a subtype of type 'Map<String, dynamic>' in type cast

FirebaseMessagingService Illegal Access

Firebase push notifications stops working after some time for all users in my Flutter app. Is this correct flutter fcm implementation?

How to draw a horizontal line in flutter row widgets?

Flutter testing error: NotInitializedError which involves environment variables (.env)

How to make a widget take as much width as the screen in Flutter?

ERROR: Runner.xcworkspace does not exist. error implementing google maps