https://bugzilla.wikimedia.org/show_bug.cgi?id=69232
--- Comment #2 from Chris Steipp <[email protected]> ---

I think Brad and Aaron are both there. I'm not.

I forgot to comment on this one, but I'm solidly maybe on this. Silent redirects make me a little nervous since they've been used, along with other vulnerabilities, to silently exploit the other vulnerability. Requiring a user click makes another vulnerability much harder to exploit... but I can definitely see the use in several scenarios. At the least, I've been thinking about setting up an alternate endpoint for Consumers that are only meant for login, and the text would say something more like "Login to XXX" instead of asking for authorization.
