CatchTheTornado / askql

AskQL is a query language that can express any data request
https://askql.org/
MIT License

Access control and session management #583

Open pkarw opened 3 years ago

pkarw commented 3 years ago

Is your feature request related to a problem? If yes, please describe the problem.

Related: #581

It would be great to have a way, similar to the way we manage the secrets, to manage the sessions and scope the accessible user data.

Reference

I like the idea of passing the request headers that are readable only to the resources.

Alternatively - the other option would be to add a hashing feature where a particular HTTP header contains a hash of the Ask program with some secret like sha1(code+secret) - the way JWT tokens work in order to prevent the middle-man (user) from changing the scripts authorized by the frontend developer. The hash then should be generated somehow on the frontend, e.g. by a Webpack plugin, based on server authorization keys passed by the ENV in the compiling phase (to avoid sharing the server-side secret).

pkarw commented 3 years ago

Related: #586