[jira] [Updated] (WOOKIE-427) Send idkey in header rather than in URL

Scott Wilson (JIRA) Tue, 04 Mar 2014 05:13:34 -0800

     [ 
https://issues.apache.org/jira/browse/WOOKIE-427?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


Scott Wilson updated WOOKIE-427:
--------------------------------

    Fix Version/s: 2.0.0

> Send idkey in header rather than in URL
> ---------------------------------------
>
>                 Key: WOOKIE-427
>                 URL: https://issues.apache.org/jira/browse/WOOKIE-427
>             Project: Wookie
>          Issue Type: Improvement
>          Components: Server
>    Affects Versions: 2.0.0
>            Reporter: Scott Wilson
>              Labels: security
>             Fix For: 2.0.0
>
>
> When a widget sends an API request, e.g. to get preferences or set a 
> preference, it should include the ID_KEY in a header field rather than in the 
> querystring, as this reduces the likelihood of the parameter being extracted 
> and misused.



--
This message was sent by Atlassian JIRA
(v6.2#6252)

[jira] [Updated] (WOOKIE-427) Send idkey in header rather than in URL

Reply via email to