Y
Hacker News
new
|
ask
|
show
|
jobs
by
woloski
4532 days ago
For images that are protected you can use this approach
http://blog.auth0.com/2014/01/27/ten-things-you-should-know-...
1 comments
mixedbit
4532 days ago
But with tokens in URLs you can do CSRF.
link
jfroma
4532 days ago
No, you need the signed token for the link, that will only works for that particular url (protocol, host, path, query), for a breve period of time and only for GETs. As mentioned in the blog post, you can check hawk bewits:
https://github.com/hueniverse/hawk
link