@justinschuh: Enough to require a preflight + non-wildcard ACAO for all web->RFC1918 requests? @BRIAN_____ @fugueish @ericlaw @frgx @imelven
I slapped https://mikewest.github.io/cors-rfc1918/ together this morning. WDYT, @BRIAN_____ @justinschuh @fugueish @ericlaw @frgx @imelven @sleevi_ @dveditz?
@mikewest @BRIAN_____ @justinschuh @fugueish @ericlaw CORS doesn't prevent simple CSRF since req. is made. Still want opt-in on top
@dveditz: The proposal would force a preflight, which is the opt-in. @BRIAN_____ @justinschuh @fugueish @ericlaw
@mikewest @dveditz @BRIAN_____ @fugueish @ericlaw I fear an enterprise holocaust with this version. Will give better feedback in a few days
@justinschuh: Ok. I suspect that's not going to be unique to this approach, but I'm curious! :) @dveditz @BRIAN_____ @fugueish @ericlaw
@BRIAN_____ @justinschuh @fugueish @ericlaw @benadida @frgx @mikewest @imelven CORS is Opt-Out; we need explicit Opt-In