Description
I am using Atmosphere framework for web socket communication in my application. The generated web socket URLs contains X-Atmosphere-tracking-id, X-Atmosphere-Framework, X-Atmosphere-Transport, X-atmo-protocol etc. parameters as query string like mentioned below
wss://localhost:8080/chat?X-Atmosphere-tracking-id=0&X-Atmosphere-Framework=3.0.0-javascript&X-Atmosphere-Transport=websocket&X-Heartbeat-Server=65&Content-Type=application/json&X-atmo-protocol=true&uuId=cc610c86-37a2-75b4-fbfc-36a9cb8220cb&spring-security-redirect=%2Fchat%2Findex&Accept-Language=en
Is there any security issues can exists because of exposing X-Atmosphere-tracking-id, X-Atmosphere-Framework, X-Atmosphere-Transport, X-atmo-protocol etc. parameters as query string in URLs?
By using the brower devtools, we are able to see the complete URL with query string as shown below
Atmosphere Info
- atmosphere-runtime:2.6.0
- atmosphere.min.js version 3.0.0-javascript