    Verify confirmed email for OAuth Authorize POST endpoint · ea0de5fb
    Drew Blessing authored
    Similar to the recent change to require email confirmation/verification
    for the OAuth Authorize GET (:new) endpoint, require the same
    for the OAuth Authorize POST (:create) endpoint. This will prevent
    forcing a POST request to authenticate to an external service
    with an unconfirmed email address.
security-dblessing-oauth-vuln-2.yml 106 Bytes