mirror/archivebox
1
0
Fork 0
mirror of https://github.com/pirate/ArchiveBox.git synced 2025-08-25 15:31:22 +02:00
Code Issues Releases Wiki Activity

Updated Setting up Authentication (markdown)

Nick Sweeting
2024-05-08 19:42:10 -07:00
parent 9a0e3bbad1
commit 7bacb9d795
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
Setting-up-Authentication.md

@@ -207,7 +207,7 @@ curl -X 'GET' \
> [!CAUTION]
> We recommend sticking to header-based authentication and not using this method unless you deeply understand the CSRF/CORS security risks.
> This method is mostly useful when testing API requests from the browser devtools, as it lets you skip having to pass an API key with every request.
> This method is mostly useful when testing API requests from the browser devtools or CLI tools, as it lets you skip having to pass an API key with every request.
> Browsers enforce that requests made to the ArchiveBox API from *other domains* will not include any session cookies by default. This is is an [important security principle](https://docs.djangoproject.com/en/5.0/ref/csrf/) that protects you from API requests being initiated from JS served to users on websites you don't control (aka CSRF/CORS attacks).