Hacker News new | ask | show | jobs
by uname_amiy 2073 days ago
Why does the website has a button 'Support us on HN' containing the URL[0] to vote this submission, are you trying to do a CSRF attack?

And in github auth you are asking for read and write permission to data.

[0]: URL news [.] ycombinator [.] com/vote?id=24744645&how=up&goto=show

Edit: Add URL from the website.
1 comments
olivdums 2073 days ago
Hey :) ! Yhanks for you comment, Acutally I have added this button to upvote for my project on HN directly from my website, nothing to do with a CSRF attack :) Maybe I should change it to the url of HN but I thought that people would not fin my project directly... And for the github permission, we only provide a sign up through Oauth using github because it is a way for us to have only developers on the website, we request to access users' data in order to automatically create a profile (I think it is boring to enter by hand you personnal data)... We take email, first_name, last_name, bio, and avatar.

I hope I have answered your questions, fell free to ask me more if it's not the case ! It's the first time I am posting here on HN :)

link