What are the advantages and disadvantages of writing the token to URL or body parameters versus writing it to a header when using JWT?

Our interface uses JWT for authentication, and the frontend needs to carry the token when accessing it. There are many places where the token can be written: one is the URL parameter, and the other is a header. I want to know what the advantages and disadvantages of these two ways are, and which one is better?

Mar.13,2021

Of course, in the header; it is easy to be hijacked in the URL. If someone messages you on QQ and you send him the URL, you send him the token directly, and then he can do whatever he wants once he gets the token. In addition, writing parameters in the URL requires URL escaping, which is one more step than writing a header.


Write it in the parameters to prevent CSRF. At this time, the token should be different from each interface, for example, when you ask for an interface, you will verify the token when the next token, submits it. Writing to the header should be a global one. You mainly think too much about permission verification such as


The token is stored in the local cache. If you give the URL to others, they will not get your token.
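
The point made in the answers above, that a token in the URL travels with the link while a token in a header does not, shown as an added example that is not part of the original thread. It is a server-side check that accepts the JWT only from the `Authorization` header, refuses requests that carry it in the query string, and redacts it before the URL is logged. The helper names, the parameter names in `TOKEN_PARAMS` and the sample token are assumptions; signature verification is left to whatever JWT library the service already uses.

```javascript
// Added example. Parameter names below are assumed, not taken from the thread.
const TOKEN_PARAMS = ['token', 'access_token', 'jwt'];
const BASE = 'http://placeholder.invalid'; // only needed so relative URLs parse

// Extract a JWT-shaped bearer token from the Authorization header.
// Node lowercases incoming header names, so 'authorization' is the key.
// This checks shape only; the signature must still be verified afterwards.
function bearerFromHeader(headers) {
  const value = headers['authorization'] || '';
  const m = /^Bearer ([A-Za-z0-9_-]+\.[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+)$/.exec(value);
  return m ? m[1] : null;
}

// Replace token-like query parameters so the URL is safe to log.
function redactUrl(rawUrl) {
  const u = new URL(rawUrl, BASE);
  for (const name of TOKEN_PARAMS) {
    if (u.searchParams.has(name)) u.searchParams.set(name, 'REDACTED');
  }
  return u.pathname + u.search;
}

// Header tokens are accepted; URL tokens are rejected and never logged raw.
function classifyRequest(req) {
  const u = new URL(req.url, BASE);
  const logLine = redactUrl(req.url);
  if (TOKEN_PARAMS.some((n) => u.searchParams.has(n))) {
    return { status: 400, reason: 'token in URL', logLine, token: null };
  }
  const token = bearerFromHeader(req.headers);
  if (!token) {
    return { status: 401, reason: 'missing bearer header', logLine, token: null };
  }
  return { status: 200, reason: 'ok', logLine, token };
}

// Constructed sample requests; 'aaa.bbb.ccc' is a placeholder, not a real JWT.
const SAMPLES = [
  { url: '/api/orders?id=7&token=aaa.bbb.ccc', headers: {} },
  { url: '/api/orders?id=7', headers: { authorization: 'Bearer aaa.bbb.ccc' } },
  { url: '/api/orders?id=7', headers: {} },
];

for (const req of SAMPLES) {
  const r = classifyRequest(req);
  console.log(r.status, r.reason, r.logLine);
}
```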
