You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@guacamole.apache.org by "Mike Jumper (Jira)" <ji...@apache.org> on 2020/02/11 05:38:00 UTC

[jira] [Created] (GUACAMOLE-956) Migrate away from including auth token within REST API URLs

Mike Jumper created GUACAMOLE-956:
-------------------------------------

             Summary: Migrate away from including auth token within REST API URLs
                 Key: GUACAMOLE-956
                 URL: https://issues.apache.org/jira/browse/GUACAMOLE-956
             Project: Guacamole
          Issue Type: Improvement
          Components: guacamole
            Reporter: Mike Jumper


Guacamole's current REST API relies on including the user's auth token within the {{token}} query parameter. Using a query parameter in this way is generally regarded as bad practice, as other software between the user and the webapp may log the content of URLs and GET requests insecurely, including these parameters.

We should instead leverage HTTP headers, allowing the {{token}} parameter to be used only for compatibility's sake.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)