XSS: your SPA is highly vulnerable!

Djamel Rezki
Published in System Weakness
3 min read, Apr 10, 2022


Introduction:

We’ll explore a solution to mitigate XSS attacks in Single Page Applications (SPAs). It’s particularly important in a microservices architecture with multiple APIs on the backend side.

If OpenID Connect is used, then those APIs require an access token to serve resources to the SPA. This access token is a critical element that has to be highly protected.
