I posted the question in here as well but don't seem to get answered. https://bitbucket.org/jespern/django-piston/issue/194/what-is-the-reason-that-piston-needs-to
1 Answer
0
If I understand correctly, it's doing so for security purposes.
The Resource class handles authentication using the request object, then removes the OAuth headers from the request before the given handler is called. Generally, you'll want to limit the visibility of things like these. If you limit exposure of private information like keys, etc., you can potentially limit vulnerabilities.

Evan Porter
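The authenticate-then-strip pattern described in the answer, as an added sketch that is not django-piston's own code and not part of the original post: the request object, `CONSUMERS`, `sign`, `scrub` and `protected` are hypothetical names, and the signature check is a simplified stand-in for real OAuth 1.0 verification. It shows that a handler which reflects everything it can see still cannot leak the credentials.

```python
import hashlib
import hmac
from types import SimpleNamespace

CONSUMERS = {"demo-consumer": b"demo-secret"}  # constructed sample values

def sign(secret, method, path):
    # Simplified stand-in for an OAuth 1.0 signature (not the real base string).
    return hmac.new(secret, f"{method}&{path}".encode(), hashlib.sha1).hexdigest()

def authenticate(request):
    """Return the consumer key if the request's credentials verify, else None."""
    params = {**request.GET, **request.POST}
    secret = CONSUMERS.get(params.get("oauth_consumer_key"))
    if secret is None:
        return None
    expected = sign(secret, request.method, request.path)
    ok = hmac.compare_digest(expected, params.get("oauth_signature", ""))
    return params["oauth_consumer_key"] if ok else None

def scrub(request):
    """Drop oauth_* parameters and the Authorization header after verification."""
    for name in ("GET", "POST"):
        block = getattr(request, name)
        setattr(request, name, {k: v for k, v in block.items() if not k.startswith("oauth_")})
    request.META.pop("HTTP_AUTHORIZATION", None)
    return request

def protected(handler):
    """Authenticate first, then give the handler a request with credentials removed."""
    def wrapper(request):
        consumer = authenticate(request)
        if consumer is None:
            return 401, None
        request.consumer = consumer  # the handler gets the identity, not the proof
        return 200, handler(scrub(request))
    return wrapper

@protected
def echo_handler(request):
    # A careless handler that reflects every parameter and header it can see.
    return {"params": {**request.GET, **request.POST}, "headers": dict(request.META)}

def make_request(signature):
    # Constructed sample request carrying OAuth material in query and header.
    get = {"page": "2", "oauth_consumer_key": "demo-consumer", "oauth_signature": signature}
    meta = {"HTTP_AUTHORIZATION": 'OAuth realm="demo"', "HTTP_ACCEPT": "application/json"}
    return SimpleNamespace(method="GET", path="/api/items", GET=get, POST={}, META=meta)
```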