1.9 CLI does not support direct raw specification github.

I'll make that change. thanks and

It is insecure to send DC/OS auth token to anything but the admin router. cc Jan-Philip Gehrcke

That's correct, thanks for pointing this out here .

The dcos_url is user specified so it isn't necessarily pointing to a DC/OS cluster

I think an appropriate solution would be to take an approach similar to how browsers handle cookies. The auth token representation within the CLI should have a notion about the DC/OS base URL (i.e. scheme and network location) through which it was initially received. That token should never be sent along with an HTTP request that is targeted at URL that does not start with that DC/OS base URL.

We could check that the hostname matches the dcos_url before adding the auth header. The dcos_url is user specified so it isn't necessarily pointing to a DC/OS cluster, so this is best effort, but still an improvement over what we have now.

It is insecure to send DC/OS auth token to anything but the admin router. cc

This is a github error, they should be dropping the header and even if they don't a 404 is not the correct status code.

Since this bug only happens for github, I'd rather not hack around it. Also using github for storage isn't really recommended. Instead I'd run `dcos flink describe --app > file` and then `dcos marathon app add `file`.