←back to thread

475 points danielstocks | 2 comments | | HN request time: 0.509s | source
Show context
mavster ◴[] No.27303085[source]
I'm just guessing, but...

"developer gets a great idea - let's push an update to the API as a GET request so we can cache this on the CDN... forgetting that the JWT token is potentially returned in the call. Now, whoever makes the call first gets their JWT token stored for everyone else to load instead when the API call is made."

Ta-da, Klarna.

replies(10): >>27303554 #>>27303645 #>>27303782 #>>27303857 #>>27303919 #>>27304192 #>>27304408 #>>27304728 #>>27305016 #>>27305863 #
AtNightWeCode ◴[] No.27305016[source]
I doubt that Klarna, a bank, have OSI layer 7 proxies in the cloud, with TLS termination in their CDN solution, on AWS. I would assume this traffic is outside of that. But then again, I know they wasted 25M+ Euros on a garbage NodeJS platform. They also created an own cloud once. Yes, it is in the trash bin.
replies(4): >>27305909 #>>27306271 #>>27308203 #>>27308438 #
1. darthrupert ◴[] No.27306271[source]
Surprisingly many IT companies tried to create their own clouds, or at least their own kubernetes.
replies(1): >>27308482 #
2. jordanbeiber ◴[] No.27308482[source]
Surprisingly many have saved boatloads of time automating processes pertaining to the tasks at hand. So, yeah, sound reasonable. :)