Comment by tptacek
6 years ago
This is sort of fair as a statement of principles but I think OAuth2 gets you into the same kind of trouble with special security status for the fragment.
6 years ago
Yes. I’m debating in my head who is correct here. Maybe OAuth2 is colouring my judgement a bit but I feel the fragment should NOT be sent to the server unless there are extremely good reasons. Let’s try to keep the understanding of what happens to certain things consistent even if we have the power to abuse them.