
support: Enabling API token header "X-GROWI-ACCESS-TOKEN" #10443

Open
ryu-sato wants to merge 12 commits into growilabs:master from ryu-sato:support/api-token-header

Conversation

@ryu-sato
Contributor

This pull request proposes enabling the use of X-GROWI-ACCESS-TOKEN as a method for obtaining API tokens.

Currently, GROWI allows you to set the access_token either as a Bearer token in the Authorization header or as an access_token query parameter.

ref. https://docs.growi.org/en/api/rest-v3.html

If the Authorization header is already in use (e.g., for Basic authentication), you need to use the query parameter.

However, sending the token via a GET method query parameter is not secure as it requires including the token in the URL.

see. https://owasp.org/www-community/vulnerabilities/Information_exposure_through_query_strings_in_url

@ryu-sato ryu-sato requested review from Copilot, miya and yuki-takei and removed request for Copilot October 25, 2025 06:50
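
The transports described above, as an added example that is not part of this pull request or of GROWI's code base: a token extractor that accepts the custom header, a Bearer `Authorization` header, or the `access_token` query parameter, next to the access-log line each request would leave behind. The function names, the precedence order, the request path and the token value are assumptions constructed for illustration.

```javascript
// Added example, not GROWI's implementation. Names and precedence are assumptions.
const TOKEN_HEADER = 'x-growi-access-token'; // Node lowercases incoming header names

// Return { token, source } for a request-like object { method, url, headers }.
function extractAccessToken(req) {
  const custom = req.headers[TOKEN_HEADER];
  if (typeof custom === 'string' && custom.trim() !== '') {
    return { token: custom.trim(), source: 'header' };
  }
  // Only the Bearer scheme carries an API token; "Basic ..." is left untouched.
  const m = /^Bearer\s+(\S+)$/i.exec(req.headers.authorization || '');
  if (m) return { token: m[1], source: 'bearer' };
  // Base URL is a placeholder so a relative request target can be parsed.
  const q = new URL(req.url, 'http://placeholder.invalid').searchParams.get('access_token');
  if (q) return { token: q, source: 'query' };
  return { token: null, source: null };
}

// What a typical access log records: method and request target, no headers.
function accessLogLine(req) {
  return `${req.method} ${req.url}`;
}

// Mitigation for deployments that must keep the query parameter: redact before logging.
function redactUrl(url) {
  return url.replace(/([?&]access_token=)[^&#]*/g, '$1REDACTED');
}

// Constructed sample requests; path, credentials and token are made up.
const basic = 'Basic ' + Buffer.from('proxyuser:proxypass').toString('base64');
const viaQuery = {
  method: 'GET',
  url: '/example/api/pages?access_token=tok_example_123&limit=5',
  headers: { authorization: basic }, // Authorization already taken by Basic auth
};
const viaHeader = {
  method: 'GET',
  url: '/example/api/pages?limit=5',
  headers: { authorization: basic, [TOKEN_HEADER]: 'tok_example_123' },
};

for (const req of [viaQuery, viaHeader]) {
  console.log(extractAccessToken(req).source, '|', accessLogLine(req), '|', redactUrl(req.url));
}
```

With Basic authentication occupying `Authorization`, the query-parameter request puts the token into the logged request target, while the header request authenticates with a token-free URL.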