Mike Jumper created GUACAMOLE-956:
-------------------------------------

             Summary: Migrate away from including auth token within REST API URLs
                 Key: GUACAMOLE-956
                 URL: https://issues.apache.org/jira/browse/GUACAMOLE-956
             Project: Guacamole
          Issue Type: Improvement
          Components: guacamole
            Reporter: Mike Jumper


Guacamole's current REST API relies on including the user's auth token within 
the {{token}} query parameter. Using a query parameter in this way is generally 
regarded as bad practice, as other software between the user and the webapp may 
log the content of URLs and GET requests insecurely, including these parameters.

We should instead leverage HTTP headers, allowing the {{token}} parameter to be 
used only for compatibility's sake.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)
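
Added example (not part of the original issue and not Guacamole code): a log scrubber that finds and redacts the {{token}} query parameter in access-log lines of the kind an intermediary might keep, which is the exposure described above. The combined log format, the function names and the sample entries are assumptions made for illustration.

```python
import re
from urllib.parse import unquote_plus

# Request line inside a combined-format access log entry: "METHOD target HTTP/x.y"
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) (?P<proto>HTTP/[\d.]+)"')

def redact_target(target, param="token"):
    """Return (redacted_target, leaked); other parameters stay byte-identical."""
    path, sep, rest = target.partition("?")
    query, hash_sep, frag = rest.partition("#")
    leaked, pieces = False, []
    for piece in query.split("&"):
        key, eq, value = piece.partition("=")
        # Decode the key so a percent-encoded name (e.g. %74oken) is still caught.
        if unquote_plus(key) == param and value:
            piece, leaked = key + eq + "REDACTED", True
        pieces.append(piece)
    return path + sep + "&".join(pieces) + hash_sep + frag, leaked

def scrub_log(lines, param="token"):
    """Return (scrubbed_lines, 1-based numbers of lines that exposed a token)."""
    out, hits = [], []
    for n, line in enumerate(lines, 1):
        m = REQUEST_RE.search(line)
        if m:
            target, leaked = redact_target(m.group("target"), param)
            if leaked:
                hits.append(n)
                line = line[:m.start("target")] + target + line[m.end("target"):]
        out.append(line)
    return out, hits

# Constructed sample entries: addresses, paths and token values are made up.
SAMPLE = [
    '203.0.113.5 - - [01/Jan/2020:10:00:00 +0000] '
    '"GET /guacamole/api/example/connections?token=AAAA1111BBBB2222 HTTP/1.1" 200 512',
    '203.0.113.5 - - [01/Jan/2020:10:00:01 +0000] '
    '"GET /guacamole/api/example/users HTTP/1.1" 200 256',
    '203.0.113.5 - - [01/Jan/2020:10:00:02 +0000] '
    '"GET /guacamole/api/example?filter=a%20b&token=CCCC3333 HTTP/1.1" 200 128',
]

if __name__ == "__main__":
    scrubbed, hits = scrub_log(SAMPLE)
    print("lines exposing a token:", hits)
    print("\n".join(scrubbed))
```

A request that carries the token in an HTTP header instead leaves nothing in the request target for this scrubber to find, as the second sample line shows.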