com_api icon indicating copy to clipboard operation
com_api copied to clipboard
verified publisher icon techjoomla

Tokens should not be accepted via request variables

Open coolbung opened this issue 7 years ago • 0 comments

Currently it is possible to send tokens via GET or POST. This means that token values will get logged in logs etc, and generally its a bad practice to send tokens via URLs.

Since we are already accpeting tokens via the Bearer Authorization, the support for tokens in request variables should be dropped.

coolbung avatar Jul 11 '18 15:07 coolbung