Max 131 Report post Posted May 12, 2014 Currently you use chart.googleapis.com to generate a QR code of the secret seed value used for TOTP. Besides the question whether it is a good idea to share your secret seed with Google, using an external service also means you cannot control the response headers send, and therefore cannot do anything to prevent the image ending up in the user's browser cache, which is also undesirable. Either let Blesta generate the QR code in PHP code and set proper response header for both the image and page it is on. Or let the browser generate a QR code with random seed in Javascript, with a library like: http://davidshimjs.github.io/qrcodejs/ Quote Share this post Link to post Share on other sites
Paul 4,902 Report post Posted January 10, 2017 We previously create CORE-2078 to address this. (Sorry, the task is private). In the task https://github.com/Bacon/BaconQrCode is recommended for use in generating the QR code. Your recommended JS library http://davidshimjs.github.io/qrcodejs/ might be better, I'll update the task to include the possible recommendation. 1 Blesta.Store reacted to this Quote Share this post Link to post Share on other sites
srn 6 Report post Posted February 13 @Paul please see https://github.com/prgmrcom/otp-phpqrcode Quote Share this post Link to post Share on other sites
