Currently, in HTTP auth, we use the current timestamp and the server has a hard-coded max age for signed headers.
This gives no control to the client regarding how long a signature should be valid. We could invert this control by setting an expiration date instead of a timestamp.
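The two verification models contrasted above, as an added example that is not part of the original issue or the project's code. The header names (`timestamp`, `expires`, `signature`), the HMAC-SHA256 construction, and the `MAX_AGE` / `MAX_TTL` values are assumptions for illustration; the server-side cap on client-chosen lifetimes is an added safeguard, not something the issue specifies.

```python
import hashlib
import hmac

KEY = b"constructed-demo-key"  # constructed sample secret
MAX_AGE = 300    # current scheme: server's hard-coded max age (assumed value)
MAX_TTL = 3600   # assumed server-side ceiling on client-chosen lifetimes


def _mac(key, method, path, label, value):
    # Bind the time field, and which kind of field it is, into the signature
    msg = f"{method}\n{path}\n{label}={value}".encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


def sign(key, method, path, label, value):
    """Client side: label is 'timestamp' (current) or 'expires' (proposed)."""
    return {label: str(value), "signature": _mac(key, method, path, label, value)}


def _check(key, method, path, headers, label):
    """Return the signed integer time field, or None if missing or forged."""
    try:
        value = int(headers[label])
    except (KeyError, ValueError):
        return None
    expected = _mac(key, method, path, label, value)
    supplied = headers.get("signature", "")
    if not hmac.compare_digest(expected.encode(), supplied.encode()):
        return None
    return value


def verify_timestamp(key, method, path, headers, now):
    """Current scheme: the server alone decides the lifetime via MAX_AGE."""
    ts = _check(key, method, path, headers, "timestamp")
    # No clock-skew allowance here: timestamps from the future are rejected
    return ts is not None and 0 <= now - ts <= MAX_AGE


def verify_expires(key, method, path, headers, now):
    """Proposed scheme: the client picks the expiry, the server still caps it."""
    exp = _check(key, method, path, headers, "expires")
    # Reject expired signatures and ones valid further ahead than MAX_TTL
    return exp is not None and now < exp <= now + MAX_TTL
```

Without the `MAX_TTL` check, a client could mint a signature that stays replayable indefinitely, which is the control the hard-coded max age currently provides.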