Mike Jumper created GUACAMOLE-956: ------------------------------------- Summary: Migrate away from including auth token within REST API URLs Key: GUACAMOLE-956 URL: https://issues.apache.org/jira/browse/GUACAMOLE-956 Project: Guacamole Issue Type: Improvement Components: guacamole Reporter: Mike Jumper
Guacamole's current REST API relies on including the user's auth token within the {{token}} query parameter. Using a query parameter in this way is generally regarded as bad practice, as other software between the user and the webapp may log the content of URLs and GET requests insecurely, including these parameters. We should instead leverage HTTP headers, allowing the {{token}} parameter to be used only for compatibility's sake. -- This message was sent by Atlassian Jira (v8.3.4#803005)