Hacker News new | ask | show | jobs
by ativzzz 2087 days ago
You should be able to get the token from your database, unless you're doing black box testing, which I am not a fan of for reasons such as this.
1 comments
megous 2085 days ago
I'm not justifying it.

Just saying that this might have been one reason for such data to be returned.

You may not have access to the database if you're doing frontend testing using headless browser.

link