Add parameter to query or body without removing headers

[vitorfhc]

Autorize has two modes of defining the credentials for the low-privilege user: replacing headers or queries.

What about both? I have an application that sends the CSRF in the header and as a body parameter on POST requests.

[Quitten]

@vitorfhc - Thank you for the heads up.

I don't have time to implement this at the moment, but I would like to share my thoughts on how should it be done in case someone in the community would like to contribute. (I see @terminalJunki3 pretty active recently)

I think we should implement this as part of the "saved headers" feature, so each saved header would have its own "mode" (e.g. headers/body param/query para/path param) then each of them can be active or not, then we will be able to easily determine which modifications are in place.