Skip to content

Never send token_auth as GET parameter, but send it as POST instead #7349

New issue
New issue
Closed
Closed
Never send token_auth as GET parameter, but send it as POST instead#7349
Labels
MajorIndicates the severity or impact or benefit of an issue is much higher than normal but not critical.TaskIndicates an issue is neither a feature nor a bug and it's purely a "technical" change.c: SecurityFor issues that make Matomo more secure. Please report issues through HackerOne and not in Github.
Milestone
4.14.0
@mattab

Description

@mattab
mattab
opened on Mar 4, 2015

The goal of this issue is to ensure that in Piwik core, including the core:archive cron task and other logic, we will not send the token_auth as a GET parameter. Instead we should send with POST the token_auth so that it does not show up in logs and whenever the GET URL is output

This follows up #5277 and #7301

Also related to #4171

Metadata

Metadata

Assignees

No one assigned

    Labels

    MajorIndicates the severity or impact or benefit of an issue is much higher than normal but not critical.TaskIndicates an issue is neither a feature nor a bug and it's purely a "technical" change.c: SecurityFor issues that make Matomo more secure. Please report issues through HackerOne and not in Github.

    Type

    No type

    Projects

    No projects

    Milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions