The redirect is convenient, but if you're using authentication headers, the fact that the web server processes the request can lead to insecure behavior: developer sends secret token over HTTP, and if the client library automatically follows redirects, everything works, but the token was exposed.
I suggest you respond with 403 when using authentication, similar to what you do with non-GETs.
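The behavior suggested above, sketched as WSGI middleware. This is an added example, not code from the issue or from the project it was filed against. The `HttpsOnly` and `decide_plaintext` names, the `X-Api-Key` header, and the `canonical_host` parameter are assumptions, as is `wsgi.url_scheme` reflecting the scheme the client actually used.

```python
from urllib.parse import quote

# Assumption: request headers (as WSGI environ keys) that count as credentials.
# Authorization is standard; X-Api-Key is a hypothetical custom header.
CREDENTIAL_KEYS = ("HTTP_AUTHORIZATION", "HTTP_X_API_KEY")


def decide_plaintext(environ, canonical_host):
    """Decide the response for a request that arrived over plain HTTP."""
    forbidden = (
        "403 Forbidden",
        [("Content-Type", "text/plain"), ("Cache-Control", "no-store")],
        b"HTTPS required; rotate any credential sent with this request.\n",
    )
    # Non-GET requests are refused outright, as the issue says the server already does.
    if environ.get("REQUEST_METHOD", "GET").upper() != "GET":
        return forbidden
    # The credential has already crossed the wire in clear text. Refusing here
    # makes the misconfigured client fail visibly instead of silently "working"
    # through an automatically followed redirect.
    if any(environ.get(key) for key in CREDENTIAL_KEYS):
        return forbidden
    # Build Location from a configured host, not the client-supplied Host header.
    location = "https://" + canonical_host + quote(environ.get("PATH_INFO") or "/")
    if environ.get("QUERY_STRING"):
        location += "?" + environ["QUERY_STRING"]
    return "301 Moved Permanently", [("Location", location)], b""


class HttpsOnly:
    """WSGI middleware: pass HTTPS through, apply decide_plaintext to HTTP."""

    def __init__(self, app, canonical_host):
        self.app = app
        self.canonical_host = canonical_host

    def __call__(self, environ, start_response):
        if environ.get("wsgi.url_scheme") == "https":
            return self.app(environ, start_response)
        status, headers, body = decide_plaintext(environ, self.canonical_host)
        start_response(status, headers + [("Content-Length", str(len(body)))])
        return [body]
```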