Closed fcoquelet closed 3 years ago
heggink
commented
3 years ago Hi fcoquelet,
Thanks for the amendment. Assuming this is a breaking change, correct? Since I have a secure local network (no access for outsiders possible), I don't need hashed tokens myself although I understand why you implemented it. If it is a breaking change then I am not sure if we should enforce and maybe create a separate branch. Appreciate your guidance.
Herman
fcoquelet
commented
3 years ago Thanks for your quick reply :) I did the change quite a while ago, but as far as I remember this should not be a breaking change. The plugin still holds the token as it used to and toggles between sending it raw via the token URL parameter or computing its hash and send it via ts/rnr/hash parameters, according to the plugin setting. If you prefer, the default can be inverted to keep the default mode as Plain.
(It does require extra dependencies though, so yes, if people update and don't have these libraries on their system - it will create an issue)
fcoquelet
commented
3 years ago Additional imports are now optional and if missing will de-activate Hashed tokens if it was set(with an error message) Plaintext is now default
fcoquelet
commented
3 years ago Corrected a dumb logical and error + enabled signed commits
Since the bridge is not protected by HTTPS, avoids sending the token in plain text over the network in favor of the slightly more secure hashed one