Move security token to header for XMLHttpRequests?
--------------------------------------------------
Key: SHINDIG-606
URL: https://issues.apache.org/jira/browse/SHINDIG-606
Project: Shindig
Issue Type: Improvement
Components: Common Components (Java), Common Components (PHP)
Reporter: Evan Gilbert
Assignee: Evan Gilbert
It seems slightly more secure if the security token were put into an HTTP
header instead of in the URL when making requests back to the server from
gadgets. This way the token is not normally logged by proxies, etc.
We'd still probably support the URL parameter for debugging purposes.
I'm not a security expert, possibly others with more experience can weigh in on
how important this is.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
