Real handshake with activecell #4
Description
Uncomment https://github.com/activecell/porchetta/blob/master/lib/index.js#L7
it seems, cookie authentication does not work through domains. I have another example, inspired by intercom:
- On the client:
hash = $('meta [name="user_hash"]').attr("content")
email = app.user.get('email')
query = "email=#{email}&hash_email=#{hash}"
new Porchetta(http://localhost:4000, app.company.id, { query: query })- Porchetta server pass data.query to
POST /api/v1/handshake.json - On server:
- generate meta tag user_hash with SHA256 for app page with secret key
- on handshake_controller validate email & hash_email with secret key