On Mon, Feb 24, 2025 at 4:34 AM Sushmita Velan <sushmitavel...@gmail.com> wrote:
> Hi Team, > > I am currently working on a .NET Blazor application, and I would like to > navigate to the Guacamole remote connection page from my application. > > I have successfully accomplished this with the following code: > > url = > "http://localhost:8081/#/client/{connectionId}?token=889877......."await > jsr.InvokeVoidAsync("window.open", url, "_blank"); > > However, we should avoid this approach due to security concerns, as we are > exposing the token in the URL as a query string. > > It would be helpful if you could suggest any alternative ways we could > connect to the Guacamole remote connection securely. > The token= URL parameter was largely removed from Guacamole in version 1.4.0 via the following Jira issue: https://issues.apache.org/jira/browse/GUACAMOLE-956. This has also been recently discussed on the following thread: https://lists.apache.org/thread/vo9q6l7nkghm0wv5xyopgr0clgjx6dkv. If you're still seeing consistent use of the token= URL parameter, you need to update to a later version of Guacamole Client that incorporates the use of the Guacamole-Token header, instead. -Nick >
