Skip to content

Add warnings against exposing auth tokens in web apps #7606

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 2 commits into from
Nov 11, 2025
Merged

Add warnings against exposing auth tokens in web apps #7606

merged 2 commits into from
Nov 11, 2025

Conversation

@kjac
Copy link
Contributor

@kjac kjac commented Nov 11, 2025

📋 Description

Following these recommendations from IETF (also mirrored by this article from Microsoft), it seems prudent to add explicit warnings to our documentation, discouraging site implementers from exposing auth tokens to web applications.

📎 Related Issues (if applicable)

None.

✅ Contributor Checklist

I've followed the Umbraco Documentation Style Guide and can confirm that:

  • Code blocks are correctly formatted.
  • Sentences are short and clear (preferably under 25 words).
  • Passive voice and first-person language (“we”, “I”) are avoided.
  • Relevant pages are linked.
  • All links work and point to the correct resources.
  • Screenshots or diagrams are included if useful.
  • Any code examples or instructions have been tested.
  • Typos, broken links, and broken images are fixed.

Product & Version (if relevant)

All active versions.

Deadline (if relevant)

Anytime 😄

📚 Helpful Resources

eshanrnh
eshanrnh approved these changes Nov 11, 2025
View reviewed changes
Copy link
Contributor

@eshanrnh eshanrnh left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Excellent PR, @kjac 🙌 I added 1 suggestion to remove "please" and updated the link text to be more descriptive.

@eshanrnh eshanrnh merged commit b0470ee into main Nov 11, 2025
10 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@eshanrnh eshanrnh eshanrnh approved these changes

Assignees

No one assigned

Labels

category/umbraco-cms

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@kjac @eshanrnh