Y
Hacker News
new
|
ask
|
show
|
jobs
by
f2n
3076 days ago
It says Authorization, but this is really more of an anti-CSRF token, not an actual authorization credential, and anti-CSRF tokens are completely legitimate to return over an unauthenticated HTTP endpoint.