Hacker News
new
|
past
|
comments
|
ask
|
show
|
jobs
|
submit
login
cess11
5 months ago
|
parent
|
context
|
favorite
| on:
Chrome extensions spying on users' browsing data
If a service is sending auth tokens as URL parameters, stop using it. Those are always public.
dangets
5 months ago
|
next
[–]
I don't disagree with the advice (especially for long lived tokens), but query parameters are encrypted during transit with https. You still need to worry about server access logs, browser history, etc that might expose the full request url.
karel-3d
5 months ago
|
prev
[–]
huh? https encrypts URL parameters?
Consider applying for YC's Fall 2026 batch!
Applications
are open till July 27.
Guidelines
|
FAQ
|
Lists
|
API
|
Security
|
Legal
|
Apply to YC
|
Contact
Search: