mirror/archivebox
1
0
Fork 0
mirror of https://github.com/pirate/ArchiveBox.git synced 2025-08-24 15:13:03 +02:00
Code Issues Releases Wiki Activity

Updated Setting up Authentication (markdown)

Nick Sweeting
2024-05-08 20:38:18 -07:00
parent 03d0cc1952
commit b0c82a8b2d
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
Setting-up-Authentication.md

@@ -203,7 +203,7 @@ curl -X 'GET' \
> [!CAUTION]
> We recommend sticking to header-based authentication and not using this method unless you deeply understand the CSRF/CORS security risks.
> This method is mostly useful when accessing the API from external apps where CSRF/CORS is not a concern (e.g. `wget`, `curl`, Postman, etc.).
> This method is mostly useful when accessing the API from external apps where CSRF/CORS is not a concern (e.g. `curl`, Postman, mobile apps, etc.).
> Browsers enforce that requests made to the ArchiveBox API from *other domains* will not include any session cookies by default. This is is an [important security principle](https://docs.djangoproject.com/en/5.0/ref/csrf/) that protects you from API requests being initiated from JS served to users on websites you don't control (aka CSRF/CORS attacks).
>