For accounts/join and accounts/login I would HIGHLY recommend using POST requests, as opposed to GET requests. They are more secure, and easier to use anyway as well. Read the articles below for more details.

security.stackexchange.com/q/147188, stackoverflow.com/q/5868786, sitepoint.com/community/t/117881, portswigger.net/kb/issues/00400300, medium.com/@brockmrohloff_12324/7c4da662cfa2

Okay, I got it to POST now.

@jeffalo you should do this as well for the api.

No... it uses GET the last time I checked.

wasteof uses POST requests for auth and posting and commenting, I know this 100%. GET requests are used for retrieval of post, comment, user and more information.

That literally shows my point, it uses GET to get data about the currently logged-in user, which you need a token for in the headers.


Logs you into an account. (Returns an authorization token)

POST /session

After you do this, you can GET the info about the already logged-in user (that login used POST. I quoted its docs).
