treechicken@lemmy.world to Programmer Humor@lemmy.ml · 11 months agoSPAs were a mistakelemmy.worldimagemessage-square12fedilinkarrow-up119arrow-down10
arrow-up119arrow-down1imageSPAs were a mistakelemmy.worldtreechicken@lemmy.world to Programmer Humor@lemmy.ml · 11 months agomessage-square12fedilink
minus-squareAVincentInSpace@pawb.sociallinkfedilinkEnglisharrow-up1·edit-211 months agoOkay. So make your webpage send the authtoken in a cookie and leave off the Authorization header, and have your third party (presumably native) clients send an Authorization header but not any cookies, and write your server software to check for both. This seems trivial. What am I missing?
Okay.
So make your webpage send the authtoken in a cookie and leave off the
Authorization
header, and have your third party (presumably native) clients send anAuthorization
header but not any cookies, and write your server software to check for both.This seems trivial. What am I missing?