Max Posted May 12, 2014

Currently you use chart.googleapis.com to generate a QR code of the secret seed value used for TOTP. Besides the question of whether it is a good idea to share your secret seed with Google, using an external service also means you cannot control the response headers sent, and therefore cannot do anything to prevent the image ending up in the user's browser cache, which is also undesirable.

Either let Blesta generate the QR code in PHP code and set proper response headers for both the image and the page it is on, or let the browser generate a QR code with a random seed in JavaScript, with a library like: http://davidshimjs.github.io/qrcodejs/

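The browser-side option from the post above, as an added example that is not part of the thread or of Blesta's code: the seed is drawn from the browser's CSPRNG, base32-encoded, and wrapped in the `otpauth://` key URI that authenticator apps scan, so no third-party image service ever sees it. The function names, the `totp-qr` element id and the issuer/account values are assumptions; only the `new QRCode(element, text)` call comes from the qrcodejs library linked in the post.

```javascript
// Added example; helper names are hypothetical, not Blesta's API.
const B32 = "ABCDEFGHIJKLMNOPQRSTUVWXYZ234567";

// RFC 4648 base32 without padding, the form used for TOTP secrets.
function base32Encode(bytes) {
  let bits = 0, value = 0, out = "";
  for (const b of bytes) {
    value = (value << 8) | b;
    bits += 8;
    while (bits >= 5) {
      out += B32[(value >>> (bits - 5)) & 31];
      bits -= 5;
    }
    value &= (1 << bits) - 1; // keep only the bits not yet emitted
  }
  if (bits > 0) out += B32[(value << (5 - bits)) & 31];
  return out;
}

// 20 random bytes (160 bits) from the platform CSPRNG, never Math.random().
function newTotpSecret(byteLength = 20) {
  const seed = new Uint8Array(byteLength);
  globalThis.crypto.getRandomValues(seed);
  return base32Encode(seed);
}

// Key URI as consumed by authenticator apps: otpauth://totp/Issuer:account?secret=...
function otpauthUri(issuer, account, secret) {
  const label = encodeURIComponent(issuer) + ":" + encodeURIComponent(account);
  return "otpauth://totp/" + label + "?secret=" + secret +
         "&issuer=" + encodeURIComponent(issuer);
}

// In a page that loads qrcodejs from its own origin, render locally.
// "totp-qr" is a hypothetical element id; issuer and account are sample values.
if (typeof document !== "undefined" && typeof QRCode !== "undefined") {
  const secret = newTotpSecret();
  new QRCode(document.getElementById("totp-qr"),
             otpauthUri("Example", "user@example.com", secret));
  // The server still needs this secret: submit it over TLS with the
  // first verification code when the user confirms enrolment.
}
```

Rendering into the DOM this way means there is no image response to cache; the page that hosts it still needs its own no-store response headers, as the post says.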
srn Posted January 6, 2017

+1

Paul Posted January 10, 2017

We previously created CORE-2078 to address this. (Sorry, the task is private.) In the task, https://github.com/Bacon/BaconQrCode is recommended for use in generating the QR code. Your recommended JS library http://davidshimjs.github.io/qrcodejs/ might be better; I'll update the task to include the possible recommendation.

srn Posted February 13, 2020

@Paul please see https://github.com/prgmrcom/otp-phpqrcode