Description
Guacamole's current REST API relies on including the user's auth token within the token query parameter. Using a query parameter in this way is generally regarded as bad practice, as other software between the user and the webapp may log the content of URLs and GET requests insecurely, including these parameters.
We should instead leverage HTTP headers, allowing the token parameter to be used only for compatibility's sake.
Attachments
Issue Links
- is related to
-
GUACAMOLE-1775 Auth token as a parameter in "session/tunnels/<tunnel ID>/protocol" request
- Closed
-
GUACAMOLE-1818 Migrate away from including auth token within WebSocket tunnel URL
- Open