Are Django REST Framework tokens safe?

I'm using Django REST Framework Token authentication. After logging in, the frontend saves the token as a cookie and sends it via the `Authorization` header with every request. If an attacker could get a hold of the cookie that contains the token and send it themselves, it would be impossible to detect whether the original user or an attacker sent the token, right? If so, what would be the best way to prevent a token from being compromised and used in a malicious manner?
