[
https://issues.apache.org/jira/browse/SHINDIG-606?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12638210#action_12638210
]
Chris Chabot commented on SHINDIG-606:
--------------------------------------
for one, it would make the url a lot more readable ... but would it have any
influence on the browsers caching behavior in a negative way (ie, make it cache
when it shouldn't)?
if that's not the case, i'm +1 on the proposal
> Move security token to header for XMLHttpRequests?
> --------------------------------------------------
>
> Key: SHINDIG-606
> URL: https://issues.apache.org/jira/browse/SHINDIG-606
> Project: Shindig
> Issue Type: Improvement
> Components: Common Components (Java), Common Components (PHP)
> Reporter: Evan Gilbert
> Assignee: Evan Gilbert
>
> It seems slightly more secure if the security token were put into an HTTP
> header instead of in the URL when making requests back to the server from
> gadgets. This way the token is not normally logged by proxies, etc.
> We'd still probably support the URL parameter for debugging purposes.
> I'm not a security expert, possibly others with more experience can weigh in
> on how important this is.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
