You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@guacamole.apache.org by "Mike Jumper (Jira)" <ji...@apache.org> on 2020/02/11 05:38:00 UTC
[jira] [Created] (GUACAMOLE-956) Migrate away from including auth
token within REST API URLs
Mike Jumper created GUACAMOLE-956:
-------------------------------------
Summary: Migrate away from including auth token within REST API URLs
Key: GUACAMOLE-956
URL: https://issues.apache.org/jira/browse/GUACAMOLE-956
Project: Guacamole
Issue Type: Improvement
Components: guacamole
Reporter: Mike Jumper
Guacamole's current REST API relies on including the user's auth token within the {{token}} query parameter. Using a query parameter in this way is generally regarded as bad practice, as other software between the user and the webapp may log the content of URLs and GET requests insecurely, including these parameters.
We should instead leverage HTTP headers, allowing the {{token}} parameter to be used only for compatibility's sake.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)