K
Kirby
Guest
Starting a connected account association is done via
Example
Start associate account with Google
Suggested Mitigation
Only start the process with
Continue reading...
GET, this allows to trick users into clicking a link that starts a connected account association which they might not want to perform.Example
Start associate account with Google
Suggested Mitigation
Only start the process with
POST, if called via GET show a confirmation (or an error if it's not a navigational request).Continue reading...