HomePhabricator

API: Insist authn parameters be in the POST body

Description

API: Insist authn parameters be in the POST body

Passwords should always be submitted in the POST body, not in the query
string. Thus, a warning will now be returned if the password for
action=login or any sensitive authentication request parameters for
AuthManager actions are found in the query string.

These warnings should be upgraded to errors in 1.29.

Change-Id: Ifb2c684bb28c9acc004be2b0c2fef839eb7624aa

Details

Provenance
AnomieAuthored on Aug 18 2016, 5:36 PM
TgrCommitted on Aug 18 2016, 9:13 PM
Parents
rMW8f2ccef7a76e: Merge "AuthManager: Allow for flagging fields as "sensitive""
Branches
Unknown
Tags
Unknown
ChangeId
Ifb2c684bb28c9acc004be2b0c2fef839eb7624aa