@asanso about oauth open redirects: what is the issue there? e.g. this also works: https://accounts.google.com/o/oauth2/auth?client_id=243086291405-p1p6s7gq8rtijh3g9cppo85rl5pf17gv.apps.googleusercontent.com&response_type=code&scope=openid%20email&redirect_uri=https://thejh.net/&state=security_token%3D138r5719ru3e1%26url%3Dhttps://thejh.net/&prompt=none …
@asanso okay, so it's not a fix for a vuln, just hardening under the assumption that this is the only open redirect?
@tehjh well an open redirect can always be handy :) http://andrisatteka.blogspot.ch/2014/09/how-microsoft-is-giving-your-data-to.html … especially if you know it is always there :)