When using .publish and .usePost(True) we are still getting auth details in the querystring. It would seem this isn't appropriate. With minimal middleware from FastApi, this can lead to logging of (what I believe, but I could be wrong) auth tokens in the querystring. We'd like the use of post to post this sensitive information.