This repository has been archived by the owner on Apr 7, 2020. It is now read-only.
Vulnerable to CSRF attack #36
Comments
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
The implementation uses the the
redirect_urlasstateparam. The returnedstateis never checked anyway.stateshould be a random nonce to prevent CSRF attacks.The text was updated successfully, but these errors were encountered: