Comment by h1fra

13 days ago

Interesting. Default behavior could be improved. I blindly pasted a curl, except showing my curl it didn't make any headers modifiable. It also didn't redacted the Authorization header. Also there is no way to delete a page.

4 comments

h1fra

Reply
markerz  12 days ago

FYI, you can delete anyone's CURL (including your own if you were unauthenticated) with the following curl:

https://uncurl.dev/curl/78ab4bf5-34e8-45a0-b3b1-32dd6aa7e360

or this command

    curl -X DELETE "https://uncurl.dev/api/curls?id=051606b5-49c8-4f14-9689-4d424f71d331"

Looks like deletes are unauthenticated.

  • darubramha  12 days ago

    Haha love that you shared the curl with the uncurl.dev url!

    Yes, delete is unauthenticated as highlighted, will be working on a fix for this. And you can delete any API if it is created as a logged in user.

serial_dev  13 days ago

Whether redacting the auth header is the best choice can be determined on a case by case basis, so I don't think it should redact by default. A big scary warning would definitely make sense, though!

byearthithatius  12 days ago

Exact same thing happened to me. Had to reset my HN user cookie because accidentally pasted my downvote curl command.