Is there any security concerns because of query string in request URI

I am using Atmosphere framework for web socket communication in my application. The generated web socket URLs contains X-Atmosphere-tracking-id, X-Atmosphere-Framework, X-Atmosphere-Transport, X-atmo-protocol etc. parameters as query string like mentioned below

`wss://localhost:8080/chat?X-Atmosphere-tracking-id=0&X-Atmosphere-Framework=3.0.0-javascript&X-Atmosphere-Transport=websocket&X-Heartbeat-Server=65&Content-Type=application/json&X-atmo-protocol=true&uuId=cc610c86-37a2-75b4-fbfc-36a9cb8220cb&spring-security-redirect=%2Fchat%2Findex&Accept-Language=en`

Is there any security issues can exists because of exposing X-Atmosphere-tracking-id, X-Atmosphere-Framework, X-Atmosphere-Transport, X-atmo-protocol etc. parameters as query string in URLs?

By using the brower devtools, we are able to see the complete URL with query string as shown below
![devtool](https://github.com/Atmosphere/atmosphere/assets/77721308/95b356ef-9fe4-4ddc-a287-bafe9aa3dccc)


**Atmosphere Info**
  - atmosphere-runtime:2.6.0
  - atmosphere.min.js version 3.0.0-javascript


Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Is there any security concerns because of query string in request URI #2499

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Is there any security concerns because of query string in request URI #2499

Description

Activity

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions