Securely sending query parameters in HTTP headers

https://github.com/dickhardt/redirect-headers
2•mooreds•17h ago

Comments

westurner•16h ago
> Abstract: This document defines HTTP headers that enable browsers to pass redirect parameters securely during HTTP redirects without exposing them in URLs. The `Redirect-Query` header carries parameters traditionally sent via URL query strings, the `Redirect-Origin` header provides browser-verified origin authentication, and the `Redirect-Path` header enables path-based redirect validation. These headers address security and privacy concerns in authentication and authorization protocols such as OAuth 2.0 and OpenID Connect.

draft-hardt-httpbis-redirect-headers.md: https://github.com/dickhardt/redirect-headers/blob/main/draf...

westurner•15h ago
Does this mean that revisions to, for example, the OAuth2 and OIDC protocols will be needed; or shouldn't there at least be a note about the concerns of "HTTP Redirect Headers" draft-hardt-httpbis-redirect-headers? https://github.com/dickhardt/redirect-headers/blob/main/draf...

Open issues:

- "Use of unsafe/unsecure headers (under Fetch)" https://github.com/dickhardt/redirect-headers/issues/2 :

> All headers with the Sec- and Proxy- prefixes are forbidden request-headers. This rule also provides backwards compatibility as it ensures that newly introduced forbidden request-headers are forbidden in older browsers. So, you probably want to rename Request-Origin to `Sec-Request-Origin`, at least

How to review this as an IETF RFC?

mooreds•15h ago
Lots of discussion in the OAuth mailing group about the implications for OAuth/OIDC. The thread starts here: https://mailarchive.ietf.org/arch/msg/oauth/FFkUlOiz7I4K03pq...

> How to review this as an IETF RFC?

Suggest joining the OAuth mailing list and responding there, or creating a PR against the repo (but I'd first read the discussion on the mailing list thread to avoid duplication).
