Closed plediii closed 10 years ago
As i see it, either you can see the hole HTTP request including the headers and the URL otherwise you cant see anything (with HTTPS).
Ah, my misunderstanding. It seems the URL with query parameters would only be stored in plain text on the dropbox server logs.
Is there a reason the oauth access token is passed via query parameters for get requests? I'm concerned because this seems like a potential security risk with eavesdropping. It looks like the tokens should instead be passed in the HTTP headers.