I'm not sure how null == false is a security fail in this case... if false were passed, the same effect would have happened. If false were the default for null, etc. In any case, it could have thrown an error, but this would have broken behavior.
This is an instance where the wrong default were passed, it has nothing to do with truthy/falsy in JS. In enterprise environments where you are mitm'd through your corporate transparent proxy, that's the behavior you want/need much of the time.
tracker1 2907 days ago. link 1 point ▲ ▼