[
https://issues.apache.org/jira/browse/GUACAMOLE-956?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Mike Jumper closed GUACAMOLE-956.
---------------------------------
Resolution: Done
> Migrate away from including auth token within REST API URLs
> -----------------------------------------------------------
>
> Key: GUACAMOLE-956
> URL: https://issues.apache.org/jira/browse/GUACAMOLE-956
> Project: Guacamole
> Issue Type: Improvement
> Components: guacamole
> Reporter: Mike Jumper
> Assignee: Mike Jumper
> Priority: Minor
> Fix For: 1.4.0
>
>
> Guacamole's current REST API relies on including the user's auth token within
> the {{token}} query parameter. Using a query parameter in this way is
> generally regarded as bad practice, as other software between the user and
> the webapp may log the content of URLs and GET requests insecurely, including
> these parameters.
> We should instead leverage HTTP headers, allowing the {{token}} parameter to
> be used only for compatibility's sake.
--
This message was sent by Atlassian Jira
(v8.20.1#820001)
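
As an added illustration of the logging risk described in the issue (not code from the Guacamole project): a scan of reverse-proxy access-log lines that counts, per client, the requests still carrying the `token` query parameter and redacts the value before the log is stored or shared. The log lines, API paths and token values are constructed for the example, and the function names are hypothetical.

```python
import re
from collections import Counter
from urllib.parse import urlsplit, parse_qsl

# Constructed access-log lines; addresses, paths and token values are made up.
SAMPLE_LOG = "\n".join([
    '203.0.113.7 - - [12/Dec/2021:10:01:02 +0000] "GET /guacamole/api/session/data/postgresql/connections?token=EXAMPLETOKEN0001 HTTP/1.1" 200 512',
    '203.0.113.7 - - [12/Dec/2021:10:01:05 +0000] "GET /guacamole/api/session/data/postgresql/users?permission=READ&token=EXAMPLETOKEN0001 HTTP/1.1" 200 230',
    '198.51.100.4 - - [12/Dec/2021:10:02:11 +0000] "GET /guacamole/api/session/data/postgresql/connections HTTP/1.1" 200 512',
    '198.51.100.4 - - [12/Dec/2021:10:02:12 +0000] "POST /guacamole/api/tokens HTTP/1.1" 200 340',
])

# Client address and request URL of a common/combined-format log line.
LINE_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (?P<url>\S+) [^"]*"')
# The value that follows "token=" in a query string.
TOKEN_RE = re.compile(r'(?<=[?&]token=)[^&\s"#]+')


def has_token(url):
    """True if the URL's query string carries a non-empty `token` parameter."""
    return any(key == "token" for key, _ in parse_qsl(urlsplit(url).query))


def scrub(log_text):
    """Return (redacted_log, findings); findings counts exposed requests per client."""
    findings, out = Counter(), []
    for line in log_text.splitlines():
        match = LINE_RE.match(line)
        if match and has_token(match.group("url")):
            findings[match.group("ip")] += 1
        # Redact every line, including ones the parser did not recognise.
        out.append(TOKEN_RE.sub("[REDACTED]", line))
    return "\n".join(out), findings


if __name__ == "__main__":
    redacted, findings = scrub(SAMPLE_LOG)
    print(redacted)
    for ip, count in findings.items():
        print(f"{ip}: {count} request(s) with token in URL")
```

Clients that send the token in an HTTP header, like the second address in the sample, produce no findings because nothing sensitive reaches the request line.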