Skip to content

support: Enabling API token header "X-GROWI-ACCESS-TOKEN" #10443

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
ryu-sato wants to merge 12 commits into
base: master
Choose a base branch
from
Open

support: Enabling API token header "X-GROWI-ACCESS-TOKEN" #10443

ryu-sato wants to merge 12 commits into from

Conversation

@ryu-sato
Copy link
Contributor

@ryu-sato ryu-sato commented Oct 25, 2025

This pull request proposes enabling the use of X-GROWI-ACCESS-TOKEN as a method for obtaining API tokens.

Currently, GROWI allows you to set the access_token either as a Bearer token in the Authorization header or as an access_token query parameter.

ref. https://docs.growi.org/en/api/rest-v3.html

If the Authorization header is already in use (e.g., for Basic authentication), you need to use the query parameter.

However, sending the token via a GET method query parameter is not secure as it requires including the token in the URL.

see. https://owasp.org/www-community/vulnerabilities/Information_exposure_through_query_strings_in_url

ryu-sato added 12 commits October 21, 2025 14:09
@ryu-sato ryu-sato requested review from Copilot, miya and yuki-takei and removed request for Copilot October 25, 2025 06:50
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@miya miya Awaiting requested review from miya

@yuki-takei yuki-takei Awaiting requested review from yuki-takei

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@ryu-sato