Topics with Label: Security

Forum Posts

Updating the Criteria for Web API Extended Access

Hey, I created this thread to get your feedback on our blog post around changes to the Web API extended access criteria, which will take place on May 15th. Please share any of your thoughts on this change in the comments below. All of your feedback w...

  • Spotify
  • Spotify
  • lukens
  • Regular
  • 6338 Views
  • 42 replies
  • 3 likes
  • Discussion

Cross-Site Request Forgery (CSRF) Vulnerability in Spotify Logout Feature

Hello Spotify Team, I am writing to report a potential Cross-Site Request Forgery (CSRF) vulnerability within the Spotify platform, specifically related to the logout feature. For confidentiality reasons, I’m not providing further details in this messa...

  • Casual Listener
  • medjahdi31
  • Casual Listener
  • 232 Views
  • 2 replies
  • 0 likes
  • Account Issues
    bug
    Security

Solved!! Dynamic CDN domains for images?

Good day, I would like to ask if the CDNs where the images are hosted are always the same or change over time? I'm using NextJS and need to whitelist these domains for my images. This is what I'm trying to do: https://nextjs.org/docs/api-reference/next/...

  • Newbie
  • ...ou provide me with a list of all used domains for the images? Or put it in the documentation? This would help with image optimization and security in apps. Thanks.
  • yashasewi
  • Casual Listener
  • 3254 Views
  • 2 replies
  • 2 likes
  • api
    cdn
    Images
    Security

Possible security bug in the web api auth example from GitHub

I've cloned the code from: https://github.com/spotify/web-api-auth-examples and possibly found some security bug - but please correct me and explain why I'm wrong if that is the case. State is set in /login route to var state = generateRandomString(1...

  • Music Fan
  • 562 Views
  • 0 replies
  • 0 likes
  • Security