by noprocrasted
543 days ago
It's an actually really good system, as the origin (aka the domain displayed in your URL bar) changes during the redirect. The problem is the lack of user education as to what an "origin" is. But assuming there is good user education, this is the proper way to do it. One (untrusted) origin redirects you to a trusted one with instructions to give it some information. The trusted origin asks for your authentication and tells you what the untrusted origin is requesting. If you approve, the untrusted origin only gets the very specific data it requested (and you approved) and nothing else.