I agree in Morgan's assessment in comment #4, this is a pretty severe data leak.
I'm not sure what the rules are on using redirects, but I wouldn't be opposed to using that as a fix. Especially since it reduces duplication in API that should behave the same.
I agree in Morgan's assessment in comment #4, this is a pretty severe data leak.
I'm not sure what the rules are on using redirects, but I wouldn't be opposed to using that as a fix. Especially since it reduces duplication in API that should behave the same.