Is it possible to pass the jwt token in the http header instead of in the url?

meet

#1

I have successfully set up a Jitsi Meet server on a VM to accept jwt tokens after a lengthy struggle.
However, i am wondering that if it is possible to pass the token in the http header instead of in the url, for security reasons.
Does anyone have any ideas about this?


#2

Hi Duke, I don’t know how to do that, I would just like to clarify that if you use HTTPS the JWT is encrypted and can’t be intercepted.


#3

Thank you for answering. My concern is that if attaching the token to the end of the URL, the token itself is exposed to users, and we don’t know how they will play with it. That’s why we are looking for a way to put the token in the http header.
And, yes, we use https.