:sigh: another day, another website that hardcodes their @oauth_2 client secret in JavaScript 🤦‍♂️

Aug 1, 2019 · 5:36 PM UTC

1
5
Replying to @aaronpk @oauth_2
But they base64 encoded it, so that’s OK, right?
1
not even 😭 the variable is called "client_secret" and worse, it's a bank
1
more replies