Hacker News new | past | comments | ask | show | jobs | submit login

You shouldn't be able to get the token from another domain, regardless of how long it lasts. How are you able to?



Im getting it on the same domain, but the request can be sent from any domain, as long as the user is logged in.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: