-
Notifications
You must be signed in to change notification settings - Fork 369
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Dedicate a section on how to use access tokens #1517
Dedicate a section on how to use access tokens #1517
Conversation
support: | ||
|
||
1. Via a query string parameter, ``access_token=TheTokenHere``. | ||
#. Via a request header, ``Authorization: Bearer TheTokenHere``. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I suspect we should specify when to use which. i.e. to spell out that the query string is for compatibility, but the request header is the preferred approach to avoid access_tokens being leaked in URLs or HTTP access logs.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
lgtm
…en submitting reports (matrix-org#1517) * Add MSC2249 support * changelog * Add a line on verification * Changes based on review feedback * Apply suggestions from code review Co-authored-by: Travis Ralston <travpc@gmail.com> * move tags field to the bottom of report_content.yaml * fix duplicated content now how did that happen * fix up the 404 response schema it wasn't displaying correctly in the rendered spec otherwise * remove erroneous schema reference * 1.7 -> 1.8 Co-authored-by: Travis Ralston <travpc@gmail.com> --------- Co-authored-by: Andrew Morgan <1342360+anoadragon453@users.noreply.github.com> Co-authored-by: Travis Ralston <travpc@gmail.com> Co-authored-by: Andrew Morgan <andrew@amorgan.xyz>
Rendered: see 'docs' status check.
This is an attempt to add more clarity to the section, as requested in #1042.
Fixes #1042.