Topics with Label: Security

Forum Posts

/playlists API Endpoint Issue Fixed

We wanted to provide an update regarding issues identified in the “/playlists” API endpoints. We have investigated the reported concerns of null results appearing in responses and have fixed the behaviour in the “/me/playlists” and “/users/{user_id}/...

  • Spotify
  • Spotify
  • AdrienCompDev
  • Casual Listener
  • 2306 Views
  • 9 replies
  • 1 likes
  • Possible Bug

Cross-Site Request Forgery (CSRF) Vulnerability in Spotify Logout Feature

Hello Spotify Team, I am writing to report a potential Cross-Site Request Forgery (CSRF) vulnerability within the Spotify platform, specifically related to the logout feature. For confidentiality reasons, I’m not providing further details in this messa...

  • Casual Listener
  • medjahdi31
  • Casual Listener
  • 147 Views
  • 2 replies
  • 0 likes
  • Account Issues
    bug
    Security

Solved!! Dynamic CDN domains for images?

Good day, I would like to ask if the CDNs where the images are hosted are always the same or change over time? I'm using NextJS and need to whitelist these domains for my images. This is what I'm trying to do: https://nextjs.org/docs/api-reference/next/...

  • Newbie
  • ...ou provide me with a list all used domains for the images? Or put it in the documentation? This would help with image optimization and security in apps. Thanks.
  • yashasewi
  • Casual Listener
  • 2713 Views
  • 2 replies
  • 2 likes
  • api
    cdn
    Images
    Security

Possible security bug in the web api auth example from github

I've cloned the code from: https://github.com/spotify/web-api-auth-examples and possibly found some security bug - but please correct me and explain why I'm wrong if that is the case. State is set in /login route to var state = generateRandomString(1...

  • Music Fan
  • 522 Views
  • 0 replies
  • 0 likes
  • Security