Max Posted May 12, 2014 Report Posted May 12, 2014 Currently you use chart.googleapis.com to generate a QR code of the secret seed value used for TOTP. Besides the question whether it is a good idea to share your secret seed with Google, using an external service also means you cannot control the response headers send, and therefore cannot do anything to prevent the image ending up in the user's browser cache, which is also undesirable. Either let Blesta generate the QR code in PHP code and set proper response header for both the image and page it is on. Or let the browser generate a QR code with random seed in Javascript, with a library like: http://davidshimjs.github.io/qrcodejs/
Paul Posted January 10, 2017 Report Posted January 10, 2017 We previously create CORE-2078 to address this. (Sorry, the task is private). In the task https://github.com/Bacon/BaconQrCode is recommended for use in generating the QR code. Your recommended JS library http://davidshimjs.github.io/qrcodejs/ might be better, I'll update the task to include the possible recommendation. Michael 1
srn Posted February 13, 2020 Report Posted February 13, 2020 @Paul please see https://github.com/prgmrcom/otp-phpqrcode
Recommended Posts
Please sign in to comment
You will be able to leave a comment after signing in
Sign In Now