Strengthen integration
Two modifications to improve UX when things go bad or in case a user (maliciously) tries to access a note from outside the integration. For the latter, a secret API_KEY parameter is introduced in the configuration, and its value is checked against an apikey query parameter on any access to a note.
Note that a standard Authorization: Bearer header was not used, to still allow redirection to a single URL, so that end clients do not need to include that header. In the future, the apikey check could be propagated to other controllers.
Edited by Giuseppe Lo Presti
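
A sketch of the kind of check described above, as an added example that is not the code of this merge request: the apikey query parameter is compared to the configured secret in constant time, and the value is redacted before a URL is logged, since a key carried in the query string otherwise ends up in access logs. The function names, the sample URLs and the key value are assumptions made for illustration.

```python
import hmac
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

# Constructed value standing in for the API_KEY configuration parameter.
API_KEY = "constructed-example-secret"


def note_access_allowed(url: str, configured_key: str = API_KEY) -> bool:
    """True only if the URL carries exactly one apikey equal to the secret."""
    query = urlsplit(url).query
    supplied = [v for k, v in parse_qsl(query, keep_blank_values=True)
                if k == "apikey"]
    # A missing or repeated apikey is rejected: with duplicates, two
    # components may each read a different value. An empty configured key
    # must never match an empty parameter.
    if len(supplied) != 1 or not configured_key:
        return False
    # compare_digest takes the same time wherever the strings differ.
    return hmac.compare_digest(supplied[0].encode(), configured_key.encode())


def redact_apikey(url: str) -> str:
    """Copy of the URL for access logs, with the apikey value replaced."""
    parts = urlsplit(url)
    pairs = [(k, "REDACTED" if k == "apikey" else v)
             for k, v in parse_qsl(parts.query, keep_blank_values=True)]
    return urlunsplit(parts._replace(query=urlencode(pairs)))


if __name__ == "__main__":
    # Constructed request URLs (hypothetical host and note id).
    for u in ("https://notes.example/abc?apikey=constructed-example-secret",
              "https://notes.example/abc?apikey=wrong",
              "https://notes.example/abc"):
        print(note_access_allowed(u), redact_apikey(u))
```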