(www.ducktyped.org)

354 points egonschiele | 1 comments | 25 Aug 25 12:29 UTC | HN request time: 0.198s | source

Show context

TofuLover ◴[25 Aug 25 14:40 UTC] No.45014373[source]▶

I don't think the part about front and back channels is quite correct. GET and POST requests are both encrypted in HTTPS -- including the URL (but not the domain, as DNS resolution happens separately). Front and back channel are more to do with trust boundaries, and what information is public vs private from the client's perspective.

replies(3): >>45014825 #>>45017066 #>>45017319 #

1. aszen ◴[25 Aug 25 18:20 UTC] No.45017066[source]▶

>>45014373 #

Main point is that the url is store in browser history and is never private.

↑

An illustrated guide to OAuth