Improvement
Resolution: Fixed
Normal
OAuth 2.0 endpoints should support only HTTPS connections:
- https://critiquebrainz.org/ws/1/oauth/*
- https://critiquebrainz.org/oauth/authorize
and probably https://critiquebrainz.org/profile/applications/ (client secrets are exposed there).
Same thing is done in MusicBrainz: http://wiki.musicbrainz.org/Development/OAuth2 (not on http://musicbrainz.org/account/applications, I think we should fix this too).
- is a dependency of CB-73 TLS support for CritiqueBrainz (Closed)