Uploaded image for project: 'Guacamole'
  1. Guacamole
  2. GUACAMOLE-956

Migrate away from including auth token within REST API URLs

    XMLWordPrintableJSON

Details

    • Improvement
    • Status: Closed
    • Minor
    • Resolution: Done
    • None
    • 1.4.0
    • guacamole
    • None

    Description

      Guacamole's current REST API relies on including the user's auth token within the token query parameter. Using a query parameter in this way is generally regarded as bad practice, as other software between the user and the webapp may log the content of URLs and GET requests insecurely, including these parameters.

      We should instead leverage HTTP headers, allowing the token parameter to be used only for compatibility's sake.

      Attachments

        Activity

          People

            mjumper Mike Jumper
            mjumper Mike Jumper
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: