This repository has been archived by the owner on Jan 24, 2019. It is now read-only.
Don't pass Referer header to protected server on call-back. #134
Comments
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Because it contains sensitive info from the callback.
e.g.
Referer: https://accounts.google.com/o/oauth2/auth?access_type=offline ......No big problem, but unnecessary.
The text was updated successfully, but these errors were encountered: