A link that will be liked

General Discussion

Suggested Topics


  • 1 Votes
    18 Posts
    338 Views

    @cat thanks! Seems I will have to fix some things 😄

  • 0 Votes
    2 Posts
    60 Views

    Upvote / Downvote Function On Topic Level

    I did some search here and found this thread: Topic voting like adult swim boards had Hey guys! Actually, when ...

    NodeBB Community (community.nodebb.org)

  • 0 Votes
    3 Posts
    1k Views

    possible to put several links/route on One Icon ?

  • 0 Votes
    1 Posts
    2k Views

    While browsing the 'net, I found a neat little IETF draft standard called JWT (JSON Web Tokens).

    Basically, the idea is that instead of having sessions on the server and a cookie to match an HTTP request to one of those sessions, one or more claims (i.e. user ID or admin status) are stored in a JSON object which is then signed by the server (currently through either HMAC, RSA or ECDSA).
    The client then stores this in usually either localStorage or sessionStorage and sends it along in an HTTP header with any request requiring authorization.

    For example:

    client logs in with username "Example" and password "password"
    server if user and password match, issue a JWT containing the payload { 'userId': 47 } and send it to the client
    client stores the JWT in sessionStorage
    (later) client creates a new topic and sends the JWT along in the Authorization HTTP header
    server validates the signature in the JWT from the Authorization header with their own secret/key and if it's OK, uses the data from the JWT in the processing of the request
    (in this case, the userID of 47 is used as creator of the topic)

    Pros of JWT:

    The server doesn't need to store sessions!
    => less load on the server
    & no shared session store is needed when scaling horizontally as long as all instances share a secret or public/private keypair
    No cookies => no CSRF!

    Cons:

    XSS becomes more dangerous - any malicious script with access to the client's localStorage or sessionStorage for a site can fully impersonate the user until the token expires or is deleted

    There might be more cons & pros, I am neither good nor experienced enough to fully understand everything 😛

    ("everything" is a lot though, I do have trouble with way less than that 😒 anyway, don't take my words for granted, do your own research, etc. etc. you know the drill 😛 )

    Some links:

    General introduction: http://angular-tips.com/blog/2014/05/json-web-tokens-introduction/
    Slightly more detailed introduction with INFOGRAPHICS(ish): https://auth0.com/blog/2014/01/07/angularjs-authentication-with-cookies-vs-token/
    Web-based token decoder: http://jwt.io/
    Express middleware: https://www.npmjs.com/package/express-jwt

  • 0 Votes
    1 Posts
    778 Views

    Hey there! Love nodebb and the awesome potential of using it as my forum solution.

    However, I have been noticing something odd? Whenever I try to click on a hyperlink, sometimes it appears the link doesn't work. It's not broken and doesn't lead to a 404. Rather, I click it and it does the same behavior if I clicked a link that was linked to an empty anchor of some kind. eg:

    <a href="#">A link</a>

    Wish I could show this behavior; it's difficult to describe. The link works if I right-click it and open it in a new tab or window. It's happened in the past while perusing this forum and it happened just now again when I tried to click on "Google analytics code not installed" in the unread list of topics.

    My specs: Google Chrome Version 39.0.2171.65 m on Windows 8.1

    EDIT: The same topic is back in my unread list/page and the same behavior is happening. Trying to click it but the link is 'lame' and won't work. Only right-clicking and opening in a new tab allows me to access it.