We are running a website with a standard user authentication made in Laravel framework. Now we have to create React application that will be available only for authenticated users and that has to communicate with Laravel backend to get some data.
My question is simple - is it enough to protect AJAX requests called by React by attaching Laravel CSRF token to each request or should we implement some token mechanism like JWT etc? Thanks!
It would be to go with the jwt mechanism if you are creating a separate react app and separate backend app . By doing so if you decided to create the mobile app in future for the projectyou wouldn't have to bother that much