undefined | Better HN

0 pointsjohnmaguire2y ago0 comments

> how different is it really to have the "secret" be in the URL vs in a token you submit as part of the request for the URL?

I'm not sure I grok this. Do you mean, for example, sending a token in the POST body, or as a cookie / other header?

One disadvantage to having a secret in the URL, versus in a header or body, is that it can appear in web service logs, unless you use a URI fragment. Even then, the URL is visible to the user, and will live in their history and URL bar - from which they may copy and paste it elsewhere.

0 comments

mikepurvis2y ago

In this case it's package archives, so they're never accessed from a browser, only from the Nix daemon for binary substitution [1]: https://nixos.wiki/wiki/Binary_Cache

j / k navigate · click thread line to collapse

0 pointsjohnmaguire2y ago0 comments

> how different is it really to have the "secret" be in the URL vs in a token you submit as part of the request for the URL?

I'm not sure I grok this. Do you mean, for example, sending a token in the POST body, or as a cookie / other header?

0 comments

mikepurvis2y ago

In this case it's package archives, so they're never accessed from a browser, only from the Nix daemon for binary substitution [1]: https://nixos.wiki/wiki/Binary_Cache

j / k navigate · click thread line to collapse