vencax / netlify-cms-github-oauth-provider

netlify oauth github client sending token in form as netlify service itself

Security Risk #28

Closed mbuxmann closed 1 year ago

mbuxmann commented 3 years ago

I would just like to know whether there are any security risks involved, since my oauthprovider server can still be accessed with any browser and get an OAuth token? Wouldn't it be ideal to check from where the request is coming and then give it access or deny the request? In this case it would only be allowed when I get a request from my domain, and requests from other domains would be denied?

Sorry I'm completely new to this.

If this is a concern, I wouldn't mind adding it to the project.

ncjones commented 2 years ago

Only origins matching the ORIGIN variable will receive the access token. See https://github.com/vencax/netlify-cms-github-oauth-provider/blame/master/callback.js#L45.

vencax commented 1 year ago

Thanks @ncjones for the perfect answer. Closing.