CardinalCary Cary

Reputation: 1

What is the reason that Piston needs to remove the OAuth keys from the request?

I posted the question in here as well but don't seem to get answered. https://bitbucket.org/jespern/django-piston/issue/194/what-is-the-reason-that-piston-needs-to

Upvotes: 0

Views: 45

Answers (1)

Evan Porter

Reputation: 2977

If I understand correctly, it's doing so for security purposes.

The Resource class handles authentication using the request object, then removes the OAuth headers from the request before the given handler is called. Generally, you'll want to limit the visibility of things like these. If you limit exposure of private information like keys, etc., you can potentially limit vulnerabilities.

Upvotes: 0
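
The authenticate-then-strip order described in the answer above, as an added example that is not Piston's code or part of the original post. The `Request` class, the simplified signature, the sample credentials and all function names are assumptions made for illustration.

```python
import hashlib
import hmac

CONSUMERS = {"demo-consumer": b"demo-secret"}  # constructed sample credentials

class Request:
    """Minimal stand-in for a web request (hypothetical, not Django's or Piston's class)."""
    def __init__(self, method, path, params, headers=None):
        self.method, self.path = method, path
        self.params = dict(params)
        self.headers = dict(headers or {})
        self.user = None

def sign(secret, method, path):
    # Simplified signature for illustration; real OAuth 1.0 signs a
    # normalized base string that also covers the request parameters.
    return hmac.new(secret, f"{method}&{path}".encode(), hashlib.sha1).hexdigest()

def authenticate(request):
    """Decide identity from the oauth_* parameters while they are still present."""
    key = request.params.get("oauth_consumer_key", "")
    secret = CONSUMERS.get(key)
    supplied = request.params.get("oauth_signature", "")
    if secret is None:
        return False
    if not hmac.compare_digest(sign(secret, request.method, request.path), supplied):
        return False
    request.user = key
    return True

def strip_oauth(request):
    """Drop credential material once the authentication decision is made."""
    request.params = {k: v for k, v in request.params.items()
                      if not k.startswith("oauth_")}
    if request.headers.get("Authorization", "").lower().startswith("oauth "):
        del request.headers["Authorization"]
    return request

def dispatch(request, handler):
    # Authentication runs first; the handler only ever gets the stripped request.
    if not authenticate(request):
        return 401, None
    return 200, handler(strip_oauth(request))

def handler(request):
    # Application code sees the resolved identity and its own parameters only,
    # so logging or echoing the request cannot leak OAuth values.
    return {"user": request.user, "params": request.params, "headers": request.headers}
```
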
