I’d like to protect static files with JWT authentication. Is it possible to achieve without cookies? As I know the most common scenario for JWT is to pass token in request body or header, making AJAX call. But when browser requests static files (JS, CSS … ), there is no way to add body to this request. So the only way is to store jwt token in cookie? Or there are others?
Did you have specific objections to a cookie?
Im reading articles, and everyone is passing jwt token in body or Authorization header. I develop website with admin panel – SPA application, so Im wondering, should I protect html, bundle.js, css of this panel with cookie or protect only API and make these files public. Just want to know what is the common flow. And I thought, maybe it’s possible somehow, to protect these files with Authorization header (like Basic Auth) but using JWT