Hacker News
by
andrewstuart2
3076 days ago
Developer 102 (or perhaps entrance exam): Never return authorization credentials on an unauthenticated HTTP endpoint.
1 comments
f2n
3076 days ago
It says Authorization, but this is really more of an anti-CSRF token, not an actual authorization credential, and anti-CSRF tokens are completely legitimate to return over an unauthenticated HTTP endpoint.