Uploading attachments securely to a ticket
I am struggling to find a way how I could upload attachments to a ticket securely with my app.
I can't upload an attachment with ZAFClient.Request() because it does not support the header Content-Type to be set as "application/binary", and therefore corrupts the uploads.
There is no function to get an authorization header from the ZAFClient, and using Secure settings will not work because the code block where I need to set the authorization header is not in a ZAFClient.Request().
My only option is to set the authorization header as plain text in the code itself. This is extremely bad and makes me nervous. Is there something obvious that I am missing, or is this really the only way to make this work?
Here is my current working (but insecure) way of doing this:
Any comments on this issue?
Thanks for reaching out and sorry for the delay in someone getting back to you!
As it currently stands, the best way to ensure security when using the Attachments API together with a ZAF app would be by using a piece of backend middleware to process the request. This way, your credentials won’t be exposed on the client side.
I know this is not an optimal solution and I’m working with our product team to see if we can look in to making changes to the ZAF request method to allow for securely uploading ticket attachments directly from the browser.
I’ll reply back here once I have any more information that I can share with you.
Thank you. Yeah, the middleware doesn't fix a lot, yes, the zendesk token would be safe but the connection to the middleware should optimally be secured too, and there we get the next set of issues.
Please keep me updated, I have found many similar community posts from the past that have struggled with this same issue.
댓글을 남기려면 로그인하세요.