crystal_slack icon indicating copy to clipboard operation
crystal_slack copied to clipboard

Published 20 hours ago verified publisher icon manastech

Access token should not be sent via query string

Open HertzDevil opened this issue 1 year ago • 0 comments

Slack::API is passing its access token to the HTTP client as a query parameter, like so:

https://github.com/manastech/crystal_slack/blob/6ab21268af434fb7ed5ac16ad01b44464e45bef9/src/slack/api.cr#L32-L36

This is deprecated for Slack apps created on 2021-02-24 or later. The appropriate action is to use an authorization header.

HertzDevil avatar Aug 25 '22 21:08 HertzDevil