You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
This is important because it prevents IDORs due to the Confused Deputy problem instead of us relying on properly querying for if the user is authorized every time. It's possible to set the X-Hasura-Real-User-Id header or we can forward the user's JWT directly.
freeqaz
changed the title
Forward the User's JWT to Hasura when making requests from the Node backend
Forward the User's ID to Hasura when making requests from the Node backend
Feb 16, 2023
This is important because it prevents IDORs due to the Confused Deputy problem instead of us relying on properly querying for if the user is authorized every time. It's possible to set the
X-Hasura-Real-User-Id
header or we can forward the user's JWT directly.For example:
That can become:
And it will still function the same.
The text was updated successfully, but these errors were encountered: