Comment 9 for bug 1555590

Hey Stuart,

Sorry, I've re-read and looks like the sanitizing the location bit might have missed the point. Basically what we're saying is that the auth token is passed to a potentially user controlled Swift. Would it be possible to check the location and only pass the token for whitelisted Swift stores or is this un-necessarily complicated?