Remove FB.setAccessToken and warn when accessToken option is set on global `FB`
dantman opened this issue · 0 comments
dantman commented
FB.setAccessToken
is very dangerous. Someone who doesn't understand the async nature of Node may use FB.setAccessToken
in a web request not knowing that this will leak the access token to other requests.
The only valid use for FB.setAccessToken
is for things like command line scripts where you know that there is only one access token/user. However for these scripts it's fairly easy to just const FB = new Facebook({accessToken: ...});
.
As such I think it would be a good idea to remove setAccessToken
and emit a warning when accessToken
is set through FB.options
on the global instance.