Suggestion: store key in URL fragment rather than param

[GranPC]

Hi! Pretty cool project you've got here, thanks for sharing!

In commit ec8d204 you added a feature that allows the encryption key to be embedded in the shared URL. As a suggestion to keep the E2E encryption safe, I think it would be better to move it into the fragment (window.location.hash) rather than a query parameter. This is because query parameters are sent to the request made to the web server - which defeats the point of E2E encryption - but hash/fragment identifiers are not.

Thanks!

[leonwind]

Hi,
That is a good catch, I totally missed that! Thanks for creating the issue.
I created the PR #12 to fix it, which I will merge soon and then update the webserver as well as the client. Just need to check for backward compatibility since people with the old client will still get the ?key=123 query parameter 😅

[leonwind]

Should be fixed now, e.g. https://cli2cloud.com/8TGxG8#key=123

To get the hash param as a response of the cli client, you need to update your go package.