atl_token parameter visible from the URL

XMLWordPrintable

    • 1
    • Severity 3 - Minor
    • 0

      Issue Summary

      This is reproducible on Data Center: yes

      Steps to Reproduce

      1. Login to Bamboo
      2. Create plans and generate report
      3. Application sends a token through the URL itself.

      Expected Results

      Application should not send atl_token parameter  in URL 

      Actual Results

      application sends a token through the URL itself via a GET request of the application. 

      https://linux-59053.prod.atl-cd.net/bamboo/reports/generateReport.action?reportKey=com.atl[…]bmit&atl_token=cf5ff1d467312b0568bc5b9792882f0b4c410680  
 

      Workaround

      Currently there is no known workaround for this behavior. A workaround will be added here when available

              Assignee:
              Marcin Gardias
              Reporter:
              Khushboo Gupta (Inactive)
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

                Created:
                Updated:
                Resolved: