Audience specified by the client #7

Open
download13 opened this Issue Sep 18, 2012 · 1 comment


The docs specifically say that the audience should not be set by the browser.

https://developer.mozilla.org/en-US/docs/Persona/Security_Considerations

In line 54 it accepts the audience from the browser if one has not been set in the server options.

The readme for this repo needs to be updated in accordance with that article as well. "Only override this if you know what you're doing, the client side is a better place to configure this setting (if configured there, it will be used here)." is probably incorrect or incomplete now.
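The difference between the fallback described in this issue and a server-only audience, as an added example that is not code from this repository. `stubVerify`, the option and body field names, and the sample request are constructed assumptions; the stub stands in for the remote verifier and only compares audiences.

```javascript
'use strict';

// Stand-in for the remote verifier (assumption): it accepts an assertion only
// when the audience the server sends equals the one the assertion was issued for.
function stubVerify(assertion, audience) {
  return assertion.issuedFor === audience
    ? { status: 'okay', email: assertion.email }
    : { status: 'failure', reason: 'audience mismatch' };
}

// Behaviour described in the issue: use the browser's value when the
// server options do not set one.
function audienceWithFallback(options, body) {
  return options.audience || body.audience;
}

// Hardened: the audience comes from server configuration only, and a
// missing or malformed value is a startup/configuration error.
function audienceFromConfig(options) {
  const a = options.audience;
  if (typeof a !== 'string' || !/^https?:\/\/[^\/\s]+$/.test(a)) {
    throw new Error('audience must be set in server options as scheme://host[:port]');
  }
  return a;
}

// Hypothetical login handler core: pick an audience, then verify.
function login(pickAudience, options, body) {
  return stubVerify(body.assertion, pickAudience(options, body));
}

// Constructed request: the assertion was issued for a different origin and
// the request body names that same origin as the audience.
const foreignRequest = {
  audience: 'https://other.example',
  assertion: { issuedFor: 'https://other.example', email: 'user@example.org' },
};

// Fallback with no server-side audience: the body decides, so it verifies.
console.log(login(audienceWithFallback, {}, foreignRequest).status);
// Server-configured audience: the same request is rejected.
console.log(login(audienceFromConfig, { audience: 'https://app.example' }, foreignRequest).status);
```

With the fallback, the audience check only confirms that the request agrees with itself; with the configured value it confirms the assertion was issued for this site.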
