Uploaded image for project: 'Guacamole'
  1. Guacamole
  2. GUACAMOLE-956

Migrate away from including auth token within REST API URLs

    XMLWordPrintableJSON

Details

    • Improvement
    • Status: Closed
    • Minor
    • Resolution: Done
    • None
    • 1.4.0
    • guacamole
    • None

    Description

      Guacamole's current REST API relies on including the user's auth token within the token query parameter. Using a query parameter in this way is generally regarded as bad practice, as other software between the user and the webapp may log the content of URLs and GET requests insecurely, including these parameters.

      We should instead leverage HTTP headers, allowing the token parameter to be used only for compatibility's sake.

      Attachments

        Issue Links

          is related to

          Bug - A problem which impairs or prevents the functions of the product. GUACAMOLE-1775 Auth token as a parameter in "session/tunnels/<tunnel ID>/protocol" request

          • Trivial - Cosmetic problem like misspelt words or misaligned text.
          • Closed

          Wish - General wishlist item. GUACAMOLE-1818 Migrate away from including auth token within WebSocket tunnel URL

          • Minor - Minor loss of function, or other problem where easy workaround is present.
          • Open

          Activity

            People

              mjumper Mike Jumper
              mjumper Mike Jumper
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: