@mattab opened this Issue on September 11th 2018 Member

The new feature "Show export URL" is very valuable in giving everyone quick access to the API and seeing how the URL is constructed, making it easy to share, etc.

However for security reasons we would not want to reveal the full token_auth on screen.
Similarly in the Personal settings page where the token_auth is displayed to the user, it requires an extra click to reveal the full token.

So the goal if this issue is to slightly change the behavior, proposal:

  • When "Show export URL" is clicked, show the textarea but in the string, only show the first few characters and write ....
  • When user clicks the field to copy/paste it, then reveal the full token_auth and full URL

follows up #11958 #12987

@tsteur commented on September 12th 2018 Member

Is this really needed considering you already have to click to see it?

Powered by GitHub Issue Mirror