So I was wondering: since React escapes HTML and doesn't really allow XSS when using normal input/forms, is it safe to store the JWT in Storage and then send it using the Authorization HTTP header, or would it be safer to store the JWT in a Secure/HttpOnly/SameSite cookie?
I'm sorry if this is a noob question, but I've read a lot of articles on the subject but none that has clearly answered the question. I get that using cookies is more secure against XSS (with the HttpOnly flag) but more vulnerable to CSRF attacks (less so with the SameSite flag), but since we are using React (which doesn't allow XSS) and sending it in an Authorization header (which doesn't allow CSRF), wouldn't that be safer?
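
The two transports compared in the question, as an added example that is not part of the original post: a `Set-Cookie` value carrying the three flags, a check that reports which of those flags a given header lacks, and the `Authorization` header built from a token held in Storage. The function names, the storage stub and the sample token are assumptions made for illustration.

```javascript
// Option A: the server sets the JWT in a cookie with the three flags from the question.
function buildSessionCookie(name, token, maxAgeSeconds) {
  return [
    `${name}=${encodeURIComponent(token)}`,
    'Path=/',
    `Max-Age=${maxAgeSeconds}`,
    'Secure',          // only sent over HTTPS
    'HttpOnly',        // not exposed to document.cookie
    'SameSite=Strict', // not attached to cross-site requests
  ].join('; ');
}

// Review helper: list the protective attributes a Set-Cookie value is missing.
function auditSetCookie(header) {
  const attrs = header.split(';').slice(1).map((s) => s.trim().toLowerCase());
  const findings = [];
  if (!attrs.includes('secure')) {
    findings.push('missing Secure: cookie can travel over plain HTTP');
  }
  if (!attrs.includes('httponly')) {
    findings.push('missing HttpOnly: cookie is readable from page scripts');
  }
  const sameSite = attrs.find((a) => a.startsWith('samesite='));
  if (!sameSite) {
    findings.push('missing SameSite: behaviour depends on the browser default');
  } else if (sameSite === 'samesite=none') {
    findings.push('SameSite=None: cookie is attached to cross-site requests');
  }
  return findings;
}

// Option B: the client reads the JWT from Storage and sends it explicitly.
// `storage` is anything with getItem(), e.g. window.localStorage in a browser.
// Whatever this function can read, any other script on the same origin can read too.
function bearerHeader(storage, key) {
  const token = storage.getItem(key);
  return token ? { Authorization: `Bearer ${token}` } : {};
}

// Constructed sample values so the example runs outside a browser.
const sampleToken = 'abc.def.ghi';
const stubStorage = { getItem: (k) => (k === 'jwt' ? sampleToken : null) };

console.log(buildSessionCookie('session', sampleToken, 900));
console.log(auditSetCookie('session=abc; Path=/'));
console.log(bearerHeader(stubStorage, 'jwt'));
```
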