Add query param authentication #9
Conversation
sagikazarmark
force-pushed
the
query_param_auth
branch
from
eebe208
to
59fe975
Compare
|
does this exist? it sounds like a rather dangerous way of doing things. if its ever done with a browser, it ends up in the history, and could even be spilled as a referrer. i would expect to use a post body in that case. that said, if there are systems out there doing this, we can have it but i would like to have a little bit more documentation that warns that this is not a good idea in general. |
|
Unfortunately, this exists. Not just sort of acceptable solutions (like some request token), but user/password pairs as well (just did it connecting to a third party API, so from my point of view I need this feature, their security sucks 😜 ) |
|
oh wow. okay. but can you please update the phpdoc a bit, to explain
that this is not a good practice?
|
|
Sure, will also add it to the documentation (php-http/documentation#43) |
|
@dbu is it better this way? I will also place a big fat warning in the docs. |
Add warning about QueryParam auth: it is not recommended
sagikazarmark
force-pushed
the
query_param_auth
branch
from
7bbcc93
to
2b9abac
Compare
Add query param authentication
No description provided.