People sometimes report issues against packager dashboard which contain their oidc token in URL, see #167. If they are not well informed, they'll keep the value in logs, which might affect their account security (it seems). Is it necessary to have the oidc_token in URL? Can't that be passed through POST?
Metadata Update from @frantisekz: - Issue assigned to lbrabec
You're right, fix is in master.
The fix has been deployed to the production env and I've verified it's working properly.
Metadata Update from @frantisekz: - Issue status updated to: Closed (was: Open)
Metadata Update from @jskladan: - Custom field story_points adjusted to 1
Log in to comment on this ticket.