let5see/clawdbot
1
0
Fork 0
Code Issues Pull Requests Actions 4 Packages Projects Releases Wiki Activity
Files
97248a2885da7760db9149f3584da59bfd80b34c
clawdbot/docs/automation
History
Yuri Chukhlib 961b4adc1c feat(gateway): deprecate query param hook token auth for security (#2200) 
* feat(gateway): deprecate query param hook token auth for security

Query parameter tokens appear in:
- Server access logs
- Browser history
- Referrer headers
- Network monitoring tools

This change adds a deprecation warning when tokens are provided via
query parameter, encouraging migration to header-based authentication
(Authorization: Bearer <token> or X-Clawdbot-Token header).

Changes:
- Modified extractHookToken to return { token, fromQuery } object
- Added deprecation warning in server-http.ts when fromQuery is true
- Updated tests to verify the new return type and fromQuery flag

Fixes #2148

Co-Authored-By: Claude <noreply@anthropic.com>

* fix: deprecate hook query token auth (#2200) (thanks @YuriNachos)

---------

Co-authored-by: Claude <noreply@anthropic.com>
Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-01-26 14:51:25 +00:00
..
auth-monitoring.md
feat(models): add oauth auth health
2026-01-09 00:34:38 +00:00
cron-jobs.md
feat: add system cli
2026-01-24 04:03:07 +00:00
cron-vs-heartbeat.md
feat: add system cli
2026-01-24 04:03:07 +00:00
gmail-pubsub.md
fix(security): prevent prompt injection via external hooks (gmail, we… (#1827)
2026-01-26 13:34:04 +00:00
poll.md
refactor: require target for message actions
2026-01-17 04:15:46 +00:00
webhook.md
feat(gateway): deprecate query param hook token auth for security (#2200)
2026-01-26 14:51:25 +00:00