-
Notifications
You must be signed in to change notification settings - Fork 530
New issue
Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? # to your account
Wopi: checkFileInfo request contains multiple bearer tokens #780
Comments
Hello @cagliostro92. This is for compatibility with possible WOPI hosts. In the documentation from the WOPI protocol developer does not clearly indicate where it should be. |
Hello @igwyd, |
As far as I can tell this is a recommendation and not a requirement, I don't see a threat in this, but I agree that it is worth paying attention to, I created a ticket #71766 for the developers. |
It's fixed at ONLYOFFICE/server@b8f95f3 and will be released in next release. |
DocumentServer v8.3.0 is released so I close this issue. Feel free to comment or reopen it if you got further questions. |
This issue is unique.
Operating System of DocumentServer
Docker
Version information
8.2.0
Expected Behavior
As per RFC 6750 there are three methods to send a bearer token:
and clients must not use more than one method to transmit the token in each request.
Actual Behavior
Actually, the code sends the token both in query param and header:
request uri=http://xxx.xxx.xxx.xxx:8080/wopi/files/1?access_token=token
Reproduction Steps
No response
Additional information
No response
The text was updated successfully, but these errors were encountered: