Add configuration option for app service auth (header vs. query string) #14415
Comments
matrixbot
changed the title
|
I suspect matrix-org/synapse#16017 fixed this? |
|
Is it sufficient that the config option is in the Synapse config, rather than the application service registration file, as I understand the original issue to be referring to? cc @bradjones1 as the original issue author. |
|
I believe that matrix-org/synapse#16017 should address the concern of the query string being exposed. I filed that original issue quite a long time ago and I haven't revisited this but looking at the changes throughout 2023 I think that change addresses the original concern. 👍 |
|
Wonderful, thanks for confirming @bradjones1! Closing this issue then. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
This issue has been migrated from #14415.
Description:
After matrix-org/synapse#13996 we now send the HS token in an
authenticationheader in addition to the legacy query string. It would be good to make this configurable in the AS config, e.g. so that logs which include the query string no longer expose this security token or require manual redaction.The text was updated successfully, but these errors were encountered: