If the service you are proxying offers authentication based on token within cookies, does that mean that you will have access to tokens hosted on the client side? Should you disclose a potential security risk to them (same for credentials interception)?
No comments yet.