-
Notifications
You must be signed in to change notification settings - Fork 4.8k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[hmac-auth] handle X-Date header for browsers #641
Comments
@radioverve |
@shashiranjan84 just tested this out on Chrome and FF, the browser does not add a |
@radioverve @neeharv yes chrome terminates XHR if date is included. I'll update the plugin to check Update: working on patch, expect version 0.5.2 soon |
Maybe X-Date as suggested by @neeharv is better. |
@thibaultcha sure, that sounds more transparent. |
Merged, a patch version of Kong is incoming. |
We are trying to write a Single Page browser app which authenticates with Kong using the HMAC signature. The problem is xmlHttpRequest on the browser does not allow setDate header (security issue). To get around this, it probably makes sense for the plugin to handle the X-Date header instead which can be set across different platforms.
The text was updated successfully, but these errors were encountered: