Merge pull request #67 from contentful/auth-header

fix: Send access token as a header instead of querystring parameter

Author: trodrigues

lib/create-http-client.js

@@ -1,4 +1,3 @@
-import qs from 'querystring'
 import version from '../version'
 
 /**
@@ -19,6 +18,7 @@ export default function createHttpClient (axios, {space, accessToken, insecure,
   hostname = hostname || 'cdn.contentful.com'
   port = port || (insecure ? 80 : 443)
   headers = headers || {}
+  headers['Authorization'] = 'Bearer ' + accessToken
   headers['Content-Type'] = 'application/vnd.contentful.delivery.v1+json'
   headers['X-Contentful-User-Agent'] = 'contentful.js/' + version
 
@@ -29,10 +29,6 @@ export default function createHttpClient (axios, {space, accessToken, insecure,
   return axios.create({
     baseURL: `${insecure ? 'http' : 'https'}://${hostname}:${port}/spaces/${space}/`,
     headers: headers,
-    agent: agent,
-    params: {
-      access_token: accessToken
-    },
-    paramsSerializer: params => qs.stringify(params)
+    agent: agent
   })
 }