crystal_slack
crystal_slack copied to clipboard
Access token should not be sent via query string
Slack::API
is passing its access token to the HTTP client as a query parameter, like so:
https://github.com/manastech/crystal_slack/blob/6ab21268af434fb7ed5ac16ad01b44464e45bef9/src/slack/api.cr#L32-L36
This is deprecated for Slack apps created on 2021-02-24 or later. The appropriate action is to use an authorization header.