ToastShaman / dropwizard-auth-jwt

A Dropwizard authentication filter using JSON Web Token (JWT)
Apache License 2.0

Read token from request param. #11

Closed mateusz-fiolka closed 9 years ago

mateusz-fiolka commented 9 years ago

As far as I understand the source code, currently the JWT token is read from a header param. It makes using JWT tokens together with the GET method impossible. It would be nice if one could specify either the request param the token would be read from or a custom strategy for querying the token value.

MartinSahlen commented 9 years ago

What do you mean by this? All http requests, including GET, have headers. Could you please give a scenario where the current implementation would not work?

mateusz-fiolka commented 9 years ago

@MartinSahlen Example - how would you pass headers through a URL contained in the href attribute of an a element?

MartinSahlen commented 9 years ago

I see your point, but keep in mind that Dropwizard is mainly aimed at making web services and APIs that are called via REST, making your request a bit of an edge case (as the caller will have control of all aspects of the request, including headers). The better way of handling such a case would be to use cookies to maintain a user session, as is the usual practice. Exposing the token itself like this in a navigable URL is not a good way to do this (IMHO). It would be a pretty easy job to implement sessions with cookies if that is your need, but I think that is outside the scope of this project (and there might also already be a package that does this?).

mateusz-fiolka commented 9 years ago

@MartinSahlen Sounds legit. My use case is quite exotic so I'll just try to extend this library. It doesn't sound very useful for typical users. Therefore I'm closing this issue.
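
The cookie approach suggested in the thread, sketched as an added example that is not part of the original discussion or of dropwizard-auth-jwt: a token lookup that checks the `Authorization` header, then a session cookie, and never the URL. The class name `TokenSource`, the cookie name `jwt` and the sample values are assumptions made for illustration.

```java
import java.util.*;

// Added example; TokenSource and COOKIE_NAME are hypothetical, not the library's API.
public class TokenSource {
    static final String COOKIE_NAME = "jwt"; // assumed cookie name

    // Token from "Authorization: Bearer <t>", else from the cookie; the query string is never consulted.
    static Optional<String> extract(Map<String, String> headers) {
        Map<String, String> h = new TreeMap<>(String.CASE_INSENSITIVE_ORDER); // header names are case-insensitive
        h.putAll(headers);
        String auth = h.get("Authorization");
        if (auth != null) {
            String[] parts = auth.trim().split("\\s+", 2);
            if (parts.length == 2 && parts[0].equalsIgnoreCase("Bearer") && !parts[1].isEmpty()) {
                return Optional.of(parts[1]);
            }
        }
        String cookies = h.get("Cookie");
        if (cookies != null) {
            for (String pair : cookies.split(";")) {
                int eq = pair.indexOf('=');
                if (eq > 0 && pair.substring(0, eq).trim().equals(COOKIE_NAME)) {
                    String value = pair.substring(eq + 1).trim();
                    if (!value.isEmpty()) return Optional.of(value);
                }
            }
        }
        return Optional.empty();
    }

    // Set-Cookie value for handing the token to a browser after login:
    // HttpOnly keeps it away from page scripts, Secure restricts it to HTTPS,
    // SameSite=Lax still sends it on top-level link navigation.
    static String sessionCookie(String token, int maxAgeSeconds) {
        return COOKIE_NAME + "=" + token + "; Path=/; Max-Age=" + maxAgeSeconds
                + "; HttpOnly; Secure; SameSite=Lax";
    }

    public static void main(String[] args) {
        String t = "aaa.bbb.ccc"; // constructed placeholder, not a real JWT
        System.out.println(extract(Map.of("Authorization", "Bearer " + t)));   // API client sets the header
        System.out.println(extract(Map.of("cookie", "theme=dark; jwt=" + t))); // browser following an <a href>
        System.out.println(extract(Map.of("Accept", "text/html")));            // token only in the URL: not read
        System.out.println(sessionCookie(t, 900));
    }
}
```

Because the browser attaches the cookie automatically, state-changing endpoints that accept it also need CSRF protection.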