Operations Basics / Version 2512.0
Table Of ContentsEach Content Server provides HTTP endpoints for blob up- and download as well as for processor usage data. You may configure whether authentication data for those endpoints is to be sent as part of the URL (which was the only way prior to CMCC 13) or as a request field. See properties
repository.send-session-token-in-urlat Section 3.12.1, “Unified API Spring Boot Client Properties” in Deployment Manual,replicator.publication-send-session-token-in-urlat Section 3.2.5, “Properties for Replicator Configuration” in Deployment Manual, andpublisher.send-session-token-in-urlat Section 3.2.3, “Properties for the Publisher” in Deployment Manual.
If set to true, the session token for connection to HTTP endpoints will be sent as a URL query
parameter. Otherwise, it will be sent as a request field.
While sending the token as a query parameter is inherently insecure, it is the default to
keep backward compatibility. Unless connection to an older server (prior to CMCC 13) is required,
it is recommended to set these properties to false.
