Provide GitHub auth tokens in the Authorization header and not URL.
Review Request #10878 — Created Feb. 3, 2020 and submitted
GitHub has recently deprecated some aspects of their Authorizations API
and authentication methods, and one of those deprecations became very
public today. Review Board has historically provided the user's access
token in the URL, which is now deprecated and triggering e-mails from
GitHub warning about this deprecation.
The correct way forward is to use the
Authorizationheader to provide
this token. This change updates all our GitHub support to do this, and
to make note of a few places where upcoming deprecations will be
Tested all file retrieval operations (file existence checks, file fetching)
and repository browsing (fetching of branches and commits) by way of viewing
diffs and performing operations through the New Review Request page.
Tested linking a new account, with and without a registered GitHub OAuth
Tested editing account credentials, with and without a registered GitHub
Unit tests pass.