Drop the redundant private_token GET parameter

Quoting from the GitLab API: "You can use a personal access token to authenticate with the API by passing it in either the private_token parameter or the Private-Token header.". By using it as GET parameter we expose our tokens to sniffing!

Drop the redundant private_token GET parameter
b2aa9e11 · Andrea Scarpino · 078cec7f · b2aa9e11
Commit b2aa9e11 authored 6 years ago by Andrea Scarpino
--- a/app/src/main/java/com/commit451/gitlab/api/AuthenticationRequestInterceptor.kt
+++ b/app/src/main/java/com/commit451/gitlab/api/AuthenticationRequestInterceptor.kt
@@ -25,10 +25,6 @@ class AuthenticationRequestInterceptor(private val account: Account) : Intercept
        if (isSameServer(url.toString(), serverUrl)) {
            val privateToken = account.privateToken
            privateToken?.let {
-                url = url.newBuilder()
-                        .addQueryParameter(PRIVATE_TOKEN_GET_PARAMETER, it)
-                        .build()
-
                request = request.newBuilder()
                        .header(PRIVATE_TOKEN_HEADER_FIELD, it)
                        .url(url)