OAuth origin filter
The OAuthClientOriginCheckFilter
now checks that the HTTP request Origin header matches the one allowed for the client.
It currently does a check if allowedOrigins.isEmpty()
.
Please add the else
part that will check that there is no Origin header. That means that this client may not be used from browsers.