Ruben Verborgh
Ruben Verborgh
> Do automated clients such as curl send the Origin header? Not by default. > If not, you could perhaps say, if there's no origin header accept a client certificate....
Fortunately not: it's an essential cookie for auth, not for tracking.
Jup, pinging happened here: https://github.com/ProfileNegotiation/I-D-Accept--Schema/issues/13#issuecomment-354633650
@dret Will this updated version of the RFC explain how to achieve such a preference with existing means, or will it introduce a new header (as we're planning for https://github.com/profilenegotiation/I-D-Accept--Schema/)?
Since WAC was mentioned above, we probably also want to clarify that this is an orthogonal problem. One of the mentioned benefits of ACP was better client identification (or rather...
> with [HTTP Sig](https://github.com/bblfish/httpsig) working via a wallet or through an http proxy, the signatures can be thought of as coming I think directly from the user. > Ie. the...
(Makes sense, probably want to make the title of the issue more precise.)
This should likely be moved elsewhere; auth client only does authentication, not authorization.
What's your Node version? You'll need 8 or up. Also you'll need your own host and password 😉
Yes, Node is right to give that warning. Not entirely sure why it is refused, is the server still running? Can you request that file from within a browser?