Bug #16812

Updated by Peter Amstutz over 3 years ago

Users are sharing download URLs with embedded user tokens. Workbench2 should hand off to keep-web in a way that does not expose the token to the user.

I believe the way Workbench 1 does it is by linking to a special workbench path, which returns a redirect that includes ?api_token in the query. When keep-web gets the request, it returns a cookie and another redirect to the final URL with the ?api_token stripped. This is the one the user sees, with the token safely stashed in a cookie.
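The handoff described above, sketched in Go as an added example (not Workbench or keep-web code). The cookie name, host, path and token are assumptions constructed for illustration.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
	"net/url"
)

const cookieName = "example_api_token" // assumed name, not taken from keep-web

// handoff moves ?api_token from the URL into a cookie, then redirects to the
// same URL without it, so the address the user can copy carries no credential.
func handoff(w http.ResponseWriter, r *http.Request) {
	q := r.URL.Query()
	if tok := q.Get("api_token"); tok != "" {
		http.SetCookie(w, &http.Cookie{Name: cookieName, Value: url.QueryEscape(tok),
			Path: "/", HttpOnly: true, Secure: true, SameSite: http.SameSiteLaxMode})
		q.Del("api_token")
		// Absolute Location on our own host, so a "//host" path cannot redirect off-site.
		clean := url.URL{Scheme: "https", Host: r.Host, Path: r.URL.Path, RawQuery: q.Encode()}
		w.Header().Set("Cache-Control", "no-store")
		w.Header().Set("Referrer-Policy", "no-referrer")
		http.Redirect(w, r, clean.String(), http.StatusSeeOther)
		return
	}
	if _, err := r.Cookie(cookieName); err != nil {
		http.Error(w, "no credentials", http.StatusUnauthorized)
		return
	}
	fmt.Fprint(w, "file contents") // a real server would validate the cookie's token first
}

// fetch sends one GET to handoff, optionally with cookies, and returns the response.
func fetch(target string, cookies ...*http.Cookie) *http.Response {
	req, rec := httptest.NewRequest(http.MethodGet, target, nil), httptest.NewRecorder()
	for _, c := range cookies {
		req.AddCookie(c)
	}
	handoff(rec, req)
	return rec.Result()
}

func main() {
	// Constructed sample URL and token.
	first := fetch("https://collections.example/collection/report.csv?api_token=v2/constructed/secret&disposition=attachment")
	second := fetch(first.Header.Get("Location"), first.Cookies()...)
	fmt.Println(first.StatusCode, first.Header.Get("Location"), second.StatusCode)
}
```

A copy of the final URL shared with someone else gets a 401, because the credential lives only in the original browser's cookie.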