I run OH3 with http binding and I just noticed that the password to my admin account is visible in code in the http thing editor:
UID: http:url:3b28048915 label: Kostal Inverter Part2 thingTypeUID: http:url configuration: authMode: BASIC ignoreSSLErrors: false baseURL: http://192.168.178.21/api/dxs.json?dxsEntries=67109378&dxsEntries=67109377&dxsEntries=67109379&dxsEntries=67109634&dxsEntries=67109633&dxsEntries=67109635&dxsEntries=67109890&dxsEntries=67109889&dxsEntries=67109891 refresh: 30 commandMethod: GET timeout: 3000 bufferSize: 2048 username: admin password: PasswordRemoved
username and password get added automatically if you activate the checkbox “show advanced” in the thing editor. My http requests don’t require authentication and I always have to manually removed the username and password in the code editor of thing
Don’t know if this is an issue, but I don’t like that the password is visible in clear text…
Any advice on how to handle this? Just don’t enable “show advanced”?