|
|
|
|
|
|
by pvg
1913 days ago
|
|
|
Aren't you (magicbell) gaining the persistent ability to impersonate any HN user who installs this extension? That seems like a much more serious problem than someone being able to impersonate your magicbell hn notifications. It sounds like you're saying that because HN has no fine-grained oauth delegation, it's ok to silently hijack users' HN accounts. That can't be right. |
|
|