Y
Hacker News
new
|
ask
|
show
|
jobs
by
g-b-r
936 days ago
Keep in mind that urls end up in logs, that might well not be so well protected
2 comments
bob1029
936 days ago
In our case this is fine. The URL doesn't pass any claims. It is opaque client state bound to a specific identity which is validated by other means.
link
EE84M3i
936 days ago
Particularly if you use cdns, tracing, analytics, etc.
Also, IIRC a parent frame can retrieve a child frame's current URL no matter what.
link