@Freymaurer and Co-Pilot pointed out on #515 that the user's OAuth token should not be part of the URL for an API call I implemented there because it can easily be leaked via logs, proxies, or error reporting. I think this concerns also other (currently used) API calls and git pushes and pulls so perhaps we should scan the code base and find more privacy-aware solutions for all instances.
@Freymaurer and Co-Pilot pointed out on #515 that the user's OAuth token should not be part of the URL for an API call I implemented there because it can easily be leaked via logs, proxies, or error reporting. I think this concerns also other (currently used) API calls and git pushes and pulls so perhaps we should scan the code base and find more privacy-aware solutions for all instances.