Open Ivan-Johnson opened 4 years ago
For any unencrypted HTTP request, the "token" header should be inspected. If it exists and its contents are a valid token, then that token must be invalidated.
For any unencrypted HTTP request, the "token" header should be inspected. If it exists and its contents are a valid token, then that token must be invalidated.