>Claude's output was thoroughly reviewed by Cloudflare engineers with careful attention paid to security and compliance with standards.
>To emphasize, this is not "vibe coded". Every line was thoroughly reviewed and cross-referenced with relevant RFCs, by security experts with previous experience with those RFCs.
Some time later...
https://github.com/advisories/GHSA-4pc9-x2fx-p7vj / CVE-2025-4143
>The OAuth implementation in workers-oauth-provider that is part of MCP framework https://github.com/cloudflare/workers-mcp, did not correctly validate that redirect_uri was on the allowed list of redirect URIs for the given client registration.
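
The check the advisory describes as missing, sketched as an added example (not code from workers-oauth-provider or from the advisory). The client store, function names and URIs are hypothetical and constructed for illustration; the comparison is an exact string match against the client's registered redirect URIs.

```javascript
// Added example. All names and sample values here are hypothetical/constructed.
// Constructed client registration, as a store might hold it after registration.
const clients = new Map([
  ["client-123", { redirectUris: ["https://app.example.com/oauth/callback"] }],
]);

// "Before": redirect_uri from the request is trusted as-is, so the
// authorization response goes to whatever URI the request names.
function authorizeUnchecked(params) {
  const client = clients.get(params.client_id);
  if (!client) return { ok: false, error: "invalid_client" };
  return { ok: true, redirectTo: params.redirect_uri };
}

// "After": redirect_uri must equal one registered URI, byte for byte.
// No prefix, host-only or normalised comparison is performed.
function authorizeChecked(params) {
  const client = clients.get(params.client_id);
  if (!client) return { ok: false, error: "invalid_client" };
  const requested = params.redirect_uri;
  // RFC 6749 section 3.1.2.3: the parameter may be omitted only when the
  // client has exactly one registered redirect URI.
  if (requested === undefined) {
    return client.redirectUris.length === 1
      ? { ok: true, redirectTo: client.redirectUris[0] }
      : { ok: false, error: "invalid_request" };
  }
  // A repeated query parameter may arrive as an array; reject non-strings.
  if (typeof requested !== "string" || !client.redirectUris.includes(requested)) {
    // Fail without redirecting: the requested target is untrusted.
    return { ok: false, error: "invalid_request" };
  }
  return { ok: true, redirectTo: requested };
}

// Constructed requests run through the checked handler.
function demo() {
  const id = "client-123";
  return [
    authorizeChecked({ client_id: id, redirect_uri: "https://app.example.com/oauth/callback" }),
    authorizeChecked({ client_id: id, redirect_uri: "https://other.example.net/cb" }),
    authorizeChecked({ client_id: id, redirect_uri: "https://app.example.com/oauth/callback/extra" }),
    authorizeChecked({ client_id: id }),
  ].map((r) => (r.ok ? "redirect" : r.error));
}
```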