While logging in to Kagi with session link URLs is very useful, it's a bit creepy that I can get to my Stripe credit card info with just knowledge of the Session Link URL. Any chance to add an (opt-in?) settings checkbox for requiring the full username + password authentication before being able to access the user's billing page? Or more generalized, have a session link access scopes for "just be able to use Kagi, without seeing any identifiable user info", ideally. The risk of a session key leak via browser history etc. revealing user info seems a bit disconcerting, be it via user mistake or some third party system not assuming URL history is sensitive. Thanks.
11
Require credentials before accessing billing info from a Session Link
13 days later
6 months later
This would be a great feature. I'd like to be able to use a Session Link to allow Kagi on a slightly untrusted device, like a work machine. I don't need Kagi administrative access on my work machine, just search.
This was implemented.
No one is typing