From 2eae3b8266eb829c9159dada53ff883e8486a818 Mon Sep 17 00:00:00 2001
From: Knut Ahlers <knut@ahlers.me>
Date: Sun, 11 Jul 2021 16:13:29 +0200
Subject: [PATCH] SEC: Remove token from URL after reading

Signed-off-by: Knut Ahlers <knut@ahlers.me>
---
 app.js | 1 +
 1 file changed, 1 insertion(+)

diff --git a/app.js b/app.js
index ccfbfb5..824aaab 100644
--- a/app.js
+++ b/app.js
@@ -290,6 +290,7 @@ new Vue({
   mounted() {
     this.twitchToken = new URLSearchParams(window.location.hash.substr(1)).get('access_token') || null
     if (this.twitchToken) {
+      window.location.hash = '' // Remove token from hash for security
       this.initChart()
     }
   },