@aaronpk But OBS is free
@rabble @aaronpk i'm more curious about how you set up cross-posting tbh; the "Applications model" page in their docs has a reasonable example to create a post but i wish there was more detail about each method. i post a lot of pics and it seems like there's support for blob uploads but i can't find documentation on how to hook everything together
True, but it would be tricky.
Wouldn’t the attacker have find a way to extract the
code_verifier from local storage and pass it along with the hijacked redirect?
They would have to somehow have the ability to write custom js code on the path they are redirecting to. I guess this is possible on sites that don’t sanitize user inputs.