js-sdk-contrib icon indicating copy to clipboard operation
js-sdk-contrib copied to clipboard

Published 20 hours ago verified publisher icon open-feature

OFREP providers don't encode flagKey

Open toddbaert opened this issue 5 months ago • 0 comments

It seems to me that we aren't properly encoding the /{flagKey} path segment in OFREP requests here.

This means that flags with certain characters in them / for example, will cause errors, and potentially present security issues.

We should encode this segment.

cc @juanparadox

toddbaert avatar Jul 03 '25 18:07 toddbaert