Opened 2 hours ago
#1330 new improvement
Do not use sid in request
| Reported by: | admin | Owned by: | Blucecio |
|---|---|---|---|
| Priority: | minor | Milestone: | |
| Component: | Office Addin | Version: | 9.2 |
| Keywords: | Cc: |
Description
Many customers have to enable sid in request flag in order to be able to use the Edit in Office from the GUI, like this case: https://logicaldoc.freshdesk.com/a/tickets/14790
If you enable the sid in the request, you are exposing LogicalDOC to security vulnerabilities.
The Office Addin launcher must send the SID in a header of the request.
Best thing would be to use the API Key configured in the Addin settings.
Note: See
TracTickets for help on using
tickets.