How to authorize requests from ReactJS for PHP?

The front application to React. Back - PHP, Yii2 or rather.
The app works for itself, i.e. is implemented on the Beck API only to the application need. Connecting third-party services and applications is not expected.

As in this scheme, the better to authorize requests from React?
Whether to raise an OAuth server? I understand that the tokens React be stored in the open for all storage (localStorage or cookies available to scripts)?
Or to use the server session (with cookie httpOnly)? How to defend against CSRF? Record the token in the header to React saw him?
April 3rd 20 at 17:44
1 answer
April 3rd 20 at 17:46
I wouldn't worry.
Out of the box authorization Yii2 produces a token, which is then sent in all requests.

Do so, when sending a request for authorization keep the token in a cookie or localstorage and then rock it in the queries. As the token is rotten, so send the user back to the login page.
axios for example, it can store data in headers
axios.defaults.headers.common['Authorization'] = 'Token' + token
and if you need
axios.defaults.headers.common['X-CSRFToken'] = csrf - Brody_Witting commented on April 3rd 20 at 17:49
Thank you. - Vivien_Fritsch77 commented on April 3rd 20 at 17:52
@dallin.Morissette, then there are corresponding button) - Brody_Witting commented on April 3rd 20 at 17:55

Find more questions by tags YiiReact