Bug #28515

Use auth token in header

Added by Vaibhav Chauhan about 1 year ago. Updated 10 months ago.

Status: Done
Priority: Expected
Assignee: Brandon Schneider
Category: Middleware
Target version:
Severity: New
Reason for Closing:
Reason for Blocked:
Needs QA: No
Needs Doc: No
Needs Merging: No
Needs Automation: No
Support Suite Ticket: n/a
Hardware Configuration:
ChangeLog Required: No

Description

Using an auth token in the URL poses a security issue; use the auth token in a header instead.

Associated revisions

Revision 8f302007 (diff)
Added by Brandon Schneider about 1 year ago

fix(middlewared): Allow token in header

Ticket: #28515

Revision c64c5146 (diff)
Added by Brandon Schneider about 1 year ago

fix(middlewared): Allow token in header (#913)

Ticket: #28515

History

#1 Updated by Kris Moore about 1 year ago

  • Category set to Middleware
  • Assignee changed from William Grzybowski to Brandon Schneider
  • Priority changed from No priority to Expected
  • Target version set to 11.2-BETA1

#2 Updated by William Grzybowski about 1 year ago

He means using token header to authenticate in the `/_upload/` endpoint in middlewared.

#3 Updated by Kris Moore about 1 year ago

  • Due date set to 03/02/2018

#4 Updated by Ben Gadd about 1 year ago

  • Due date changed from 03/02/2018 to 03/12/2018

#5 Updated by Ben Gadd about 1 year ago

  • Due date changed from 03/12/2018 to 03/09/2018

#6 Updated by Brandon Schneider about 1 year ago

  • Status changed from Not Started to In Progress

#7 Updated by Brandon Schneider about 1 year ago

  • Status changed from In Progress to Done

#8 Updated by Dru Lavigne about 1 year ago

  • Subject changed from please use auth token in a header. to Allow token in header
  • Needs Doc changed from Yes to No
  • Needs Merging changed from Yes to No

#9 Updated by Dru Lavigne 12 months ago

  • Status changed from Done to Ready for Testing

#10 Updated by Dru Lavigne 10 months ago

  • Subject changed from Allow token in header to Use auth token in header
  • Severity set to New

#11 Updated by Michael Reynolds 10 months ago

  • Status changed from Ready for Testing to Passed Testing

The auth token is not in the URL and we can still log in.

#12 Updated by Dru Lavigne 10 months ago

  • Status changed from Passed Testing to Done
  • Needs QA changed from Yes to No
