[ https://issues.apache.org/jira/browse/GUACAMOLE-956?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Mike Jumper reassigned GUACAMOLE-956: ------------------------------------- Assignee: Mike Jumper > Migrate away from including auth token within REST API URLs > ----------------------------------------------------------- > > Key: GUACAMOLE-956 > URL: https://issues.apache.org/jira/browse/GUACAMOLE-956 > Project: Guacamole > Issue Type: Improvement > Components: guacamole > Reporter: Mike Jumper > Assignee: Mike Jumper > Priority: Minor > > Guacamole's current REST API relies on including the user's auth token within > the {{token}} query parameter. Using a query parameter in this way is > generally regarded as bad practice, as other software between the user and > the webapp may log the content of URLs and GET requests insecurely, including > these parameters. > We should instead leverage HTTP headers, allowing the {{token}} parameter to > be used only for compatibility's sake. -- This message was sent by Atlassian Jira (v8.3.4#803005)