req.query.accessToken should be a req.headers.authorization check instead on POST
kaihendry opened this issue
I was wondering why in https://github.com/unee-t/lambda2sns APIAccessToken was used as GET parameters as well as a header `-H "Authorization: Bearer XXXXX"`.
I removed the parameter assuming both ways would work & it didn't. I can see now there is no code to check `req.headers.authorization` in the POST request, for example in
frontend/imports/api/rest/post-process-api-payload-request.js
Lines 663 to 666 in eb78cb6
frontend/imports/api/rest/post-process-db-change-message.js
Lines 84 to 87 in eb78cb6
So it would be good to update the code to support Authorization for two reasons:
- GET auth parameters aren't the norm for POST
- it also helps not put credentials in my logs
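
An added example, not code from this repository: one way a POST handler could take the token from `Authorization: Bearer …` instead of `req.query.accessToken`, with an optional query fallback for existing callers and a helper that keeps the token out of logged URLs. The function names, the `allowQueryFallback` option and passing the expected token as an argument are assumptions; only `req.headers.authorization` and `req.query.accessToken` come from the issue.

```javascript
const crypto = require('crypto')

// Extract the token from "Authorization: Bearer <token>".
// Returns null when the header is absent or not a well-formed Bearer value.
function bearerToken (req) {
  const header = (req.headers && req.headers.authorization) || ''
  const match = /^Bearer +(\S+)$/i.exec(header.trim())
  return match ? match[1] : null
}

// Compare tokens without leaking where they differ: hashing first gives
// timingSafeEqual two equal-length buffers regardless of input length.
function tokensMatch (presented, expected) {
  if (typeof presented !== 'string' || typeof expected !== 'string' || !expected) return false
  const a = crypto.createHash('sha256').update(presented).digest()
  const b = crypto.createHash('sha256').update(expected).digest()
  return crypto.timingSafeEqual(a, b)
}

// Header first. The query parameter is honoured only when explicitly enabled
// (hypothetical migration switch), and never overrides a header that was sent.
function checkApiToken (req, expected, { allowQueryFallback = false } = {}) {
  const fromHeader = bearerToken(req)
  if (fromHeader !== null) {
    return { ok: tokensMatch(fromHeader, expected), source: 'header' }
  }
  const fromQuery = req.query && req.query.accessToken
  if (allowQueryFallback && typeof fromQuery === 'string') {
    return { ok: tokensMatch(fromQuery, expected), source: 'query' }
  }
  return { ok: false, source: 'none' }
}

// Make a request URL safe to log while query tokens are still accepted.
function redactUrl (url) {
  return url.replace(/([?&]accessToken=)[^&#]*/g, '$1REDACTED')
}
```

In an Express-style handler, a result with `ok: false` would map to a 401 response, and `source: 'query'` can be counted to see when the fallback is safe to remove.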