You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
E.g., right now we're duplicating routes on our .pkg subdomains to work around HTTP clients not forwarding authentication headers from one subdomain to another, even if the top level domain matches. As a better workaround, we should add a signed authentication scheme, which can be embedded into URLs, containing signed and encrypted credentials, e.g.:
https://raw.pkg.keygen.sh/foo/bar/hello.txt
303 See Other
Location: https://api.keygen.sh/v1/accounts/foo/artifacts/hello.txt?auth=signed:xxx.yyy.zzz
Essentially, it could be like a signed cookie almost.
E.g., right now we're duplicating routes on our
.pkgsubdomains to work around HTTP clients not forwarding authentication headers from one subdomain to another, even if the top level domain matches. As a better workaround, we should add asignedauthentication scheme, which can be embedded into URLs, containing signed and encrypted credentials, e.g.:Essentially, it could be like a signed cookie almost.
Related to #409, #863, and #877?
The text was updated successfully, but these errors were encountered: