Just found this page. OMG this is awesome. I’ve been needing this for a while.


I’m especially excited by this bit:

Access tokens may be provided in two ways, both of which the homeserver MUST support:

Via a query string parameter, access_token=TheTokenHere.
Via a request header, Authorization: Bearer TheTokenHere.

Clients are encouraged to use the Authorization header where possible to prevent the access token being leaked in access/HTTP logs.

All the tutorials I’ve been referencing pass the access token via query string which straight up filled me with massive doubts about the security and whorthwhileness of the whole project.

Haven’t had much time to work/research things the past couple weeks. It’s all good stuff, but dang aren’t there a lot of important-but-expensive things that need to happen sometimes. And doesn’t the work-to-pay-for-all-that just suck up all the free time in the world.

New todo list item:

  • https://github.com/hexojs/hexo-server - If I understand correctly, this will monitor file changes and generate pages automatically and hopefully without having to load hexo each update. I think each blog will need its own server, which is a bummer, but might not be a problem.