The question still remains: where do we have to store the JWT tokens so that our AJAX requests from JavaScript can use them in the Authorization headers? I looked at the following resources. Some suggest using SessionStorage or LocalStorage, and some say that they are unsafe but don't recommend an alternative either. Also, some (link 3) suggest storing it as httpOnly cookies, which obviously is not a solution for Single Page Applications. So, if we store them as non-httpOnly cookies, it's almost the same as localStorage.
How do I store JWT and send them with every request using react
Please Stop Using Local Storage (https://dev.to/rdegges/please-stop-using-local-storage-1i04)
https://blog.logrocket.com/jwt-authentication-best-practices/
I know there probably isn't a particular solution to this problem, but strategies used in production settings to work around this problem may help.