Hey folks -

When initializing a gadget it seems like the best place to put the
gadget token is in the URL fragment, i.e.
http://somegadget.com/foo.xml#t=token.  What about when the token is
returned to the gadget server for authenticated requests?  The
ProxyHandler code currently looks for the gadget token in the 't'
request parameter, but I'd like to move it to an HTTP header.  URL
parameters tend to leak via the referer header, so moving the gadget
token out of the URL would be a security win.

Cheers,
Brian
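
The Referer behaviour described in the message above, as an added example that is not part of the original message or of the ProxyHandler code: it compares a gadget token carried in the fragment, in the 't' query parameter, and in a request header. The header name `X-Gadget-Token`, the proxy's `url` parameter, the `*.example` hosts and the token value are assumptions constructed for illustration.

```javascript
// Added illustration. TOKEN_HEADER is a hypothetical header name, not one
// defined by the project discussed in the message.
const TOKEN_HEADER = "X-Gadget-Token";

// What a browser sends as Referer under a full-URL referrer policy:
// userinfo and the fragment are stripped, path and query string are kept.
function refererFor(pageUrl) {
  const u = new URL(pageUrl);
  u.username = "";
  u.password = "";
  u.hash = "";
  return u.toString();
}

// Read the token from the fragment (#t=token), as at gadget initialization.
function tokenFromFragment(pageUrl) {
  const frag = new URL(pageUrl).hash.replace(/^#/, "");
  return new URLSearchParams(frag).get("t");
}

// Build the authenticated proxy request with the token either in the 't'
// query parameter ("query") or in a request header ("header").
// The 'url' parameter naming the proxied target is an assumption.
function proxyRequest(proxyBase, targetUrl, token, style) {
  const u = new URL(proxyBase);
  u.searchParams.set("url", targetUrl);
  const headers = {};
  if (style === "query") {
    u.searchParams.set("t", token);
  } else {
    headers[TOKEN_HEADER] = token;
  }
  return { url: u.toString(), headers };
}

// True if the token would appear in a Referer generated from this URL.
function leaksViaReferer(url, token) {
  return refererFor(url).includes(encodeURIComponent(token));
}
```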
