Better Spec Compliance #55

Open
avnr opened this issue Jul 23, 2015 · 1 comment

Comments


avnr commented Jul 23, 2015

http://tools.ietf.org/html/rfc6749#section-3.1.2.5:

The client SHOULD NOT include any third-party scripts (e.g., third-party analytics, social plug-ins, ad networks) in the redirection endpoint response.

Yet the demo's redirect page includes a call to Google Analytics. I know that RFCs' SHOULD NOT is not as severe as MUST NOT, but after all people may be using the demo as a template app and end up exposing tokens via the GA info chain.
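One way to check a redirection endpoint response for the third-party loads the quoted RFC text warns about. This is an added example, not code from the demo or from either commenter; the URLs, the sample HTML and the names `audit_redirect_response`, `ThirdPartyFinder` and `origin` are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Tags and the attribute that makes the browser fetch a sub-resource.
FETCHING_ATTRS = {"script": "src", "img": "src", "iframe": "src", "link": "href"}


def origin(url):
    """Return (scheme, host, port) for an absolute URL."""
    parts = urlsplit(url)
    default = {"http": 80, "https": 443}.get(parts.scheme)
    return (parts.scheme, (parts.hostname or "").lower(), parts.port or default)


class ThirdPartyFinder(HTMLParser):
    """Collect sub-resources whose origin differs from the page's own."""
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.findings = []

    def handle_starttag(self, tag, attrs):
        wanted = FETCHING_ATTRS.get(tag)
        value = dict(attrs).get(wanted) if wanted else None
        if not value:
            return
        absolute = urljoin(self.page_url, value)  # resolves relative and //host URLs
        if origin(absolute) != origin(self.page_url):
            self.findings.append((tag, absolute))


def audit_redirect_response(page_url, html):
    """Return the third-party loads in a redirection endpoint response."""
    finder = ThirdPartyFinder(page_url)
    finder.feed(html)
    finder.close()
    return finder.findings

# Constructed sample: a redirect page that loads an analytics script.
SAMPLE_URL = "https://client.example/callback?code=CONSTRUCTED_CODE&state=xyz"
SAMPLE_HTML = """<html><head>
<script src="/static/app.js"></script>
<script src="//analytics.example/ga.js"></script>
<link rel="stylesheet" href="https://client.example/site.css">
</head><body><img src="https://ads.example/pixel.gif"></body></html>"""

if __name__ == "__main__":
    for tag, url in audit_redirect_response(SAMPLE_URL, SAMPLE_HTML):
        print(f"third-party <{tag}> on redirection endpoint: {url}")
```

The check only sees static tags; an inline snippet that injects a loader at runtime has no `src` attribute and needs manual review or a browser-level test.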

@bshaffer
Owner

Good catch! Wow, that's surprising, as from an analytics standpoint this is definitely important info to track.
