mattmilburn/strapi-plugin-preview-button

Request headers (can I pass authorization header)

Opened this issue · 2 comments

Hi,

I've been exploring Strapi previews and I found your plugin. I find it quite good to use in production, but can I pass the API secret through the request header? (I don't want it to be visible in the URL, where it can be leaked.)

Hi @markok0stic. Currently you cannot pass it as a request header. However, I'm open to ideas for how to achieve that if you wanted to discuss the solution here.

Hello @mattmilburn,
I am currently thinking of a possible solution, but I am not fully sure. I have multiple ideas. Probably the best one would be to use an iframe and share the state between the two apps. In that case I think of using the session key as an auth key (not sure if they share the same session key), but that would mean that the apps have to be hosted on the same domain. Or we can share the API key through the state.
Probably the best one and most practical.
But I am also thinking of solving it in your way by opening a new window and somehow sending the request from the new window with an auth header, but the problem is the response type and the URL path.