4

The FCA is the financial services regulator in the UK.

Their website (handbook.fca.org.uk) makes use of an API with the hostname public-prod-api.azurewebsites.net and the certificate has no organisation information.

Also the JS has at least one "debugger" statement in it.

What is wrong with people?

If we set up our website like that, can we keep all of our regulatory permissions, or might some questions be asked about our horsemanship and pistol-shooting skills?

Comments
  • 1
    Hey good on them for grabbing an app service called public-prod-api, those names need to be globally unique.
  • 0
    @spongessuck Probably went something like "gib or else"

    Report it and see if you get a bounty reward or the cops knocking on your door for making the dev feel bad ;P
Add Comment