When this module was created it was just more for allowing token parse by query token than header, but usage and configurability has grown since and should be treated as more secure by default now. As a result, all options for extra areas to parse security tokens should be specifically opt-in so the module is locked down to only header auth by default.
When this module was created it was just more for allowing token parse by query token than header, but usage and configurability has grown since and should be treated as more secure by default now. As a result, all options for extra areas to parse security tokens should be specifically opt-in so the module is locked down to only header auth by default.