{var%20f='http://v.t.sina.com.cn/share/share.php?appkey=1515056452',u=z||d.location,p=['&url=',e(u),'&title=',e(t||d.title),'&source=',e(r),'&sourceUrl=',e(l),'&content=',c||'gb2312','&pic=',e(p||'')].join('');function%20a(){if(!window.open([f,p].join(''),'mb',['toolbar=0,status=0,resizable=1,width=440,height=430,left=',(s.width-440)/2,',top=',(s.height-430)/2].join('')))u.href=[f,p].join('');};if(/Firefox/.test(navigator.userAgent))setTimeout(a,0);else%20a();})(screen,document,encodeURIComponent,'','','https://www.manongdao.com/data/attach/logo/logo.png', '推荐 混吃等死 的问题《Is it safe to put a jwt into the url as a query pa》','https://www.manongdao.com/q-111355.html','页面编码gb2312|utf-8默认gb2312'));){kind=link}
Is it safe to put a jwt (json web token) into the url as a query parameter of a GET request?
相关问题
- Angular RxJS mergeMap types
- “Zero out” sensitive String data in Swift
- Google Apps Script: testing doPost() with cURL
- How to instantiate Http service in main.ts manuall
- C#使用http访问网络,有办法用指定网卡访问网络嘛?
相关文章
- C#使用http访问网络,有办法用指定网卡访问网络嘛?
- Warning : HTML 1300 Navigation occured?
- Is a unicode user agent legal inside an HTTP heade
- git: retry if http request failed
- Security concerns about CORS
- How do I prevent SQL injection with ColdFusion
- Flutter - http.get fails on macos build target: Co
- C# HttpClient.SendAsync always returns 404 but URL
It can be safe under the following circumstances:
jtiandexpclaims are present in the tokenjtiandexpbut in case it is used as a token that can repeatedly be used e.g. against an API then supplying it as a query parameter is less preferred since it may end up in logs and system process information, available to others that have access to the server or client system. In that case would be better to present it as part of a header or a POST parameter.
Besides that, by using it in the query parameters you may run in to URL size limitations on browsers or servers; using it in a header provides some more space, using it as a POST paramter would work best.