embark

History

Andre Medeiros 428f591330 Don't send token in request body. Instead, we want to hash a header to sign a request with a client nonce, http method and URL. This is a first step towards protecting the backend against eavesdropping. Please note that this will still be susceptible to replay attacks.	2018-10-23 11:01:11 +02:00
..
index.js	Don't send token in request body.	2018-10-23 11:01:11 +02:00

Instead, we want to hash a header to sign a request with a client nonce,
http method and URL. This is a first step towards protecting the backend
against eavesdropping.

Please note that this will still be susceptible to replay attacks.

2018-10-23 11:01:11 +02:00

index.js

Don't send token in request body.

2018-10-23 11:01:11 +02:00