@BRIAN_____: Yes. Empirically, that seems to prove to be a bad assumption. It's only going to get worse with unupdatable IoT @frgx @justinschuh
@mikewest sigh. empirically, many web apps also have csrf @BRIAN_____ @justinschuh
@frgx: Indeed. So, shall I put you down for preflights for everything? :) *shrug* Routers are special. @BRIAN_____ @justinschuh
@mikewest @frgx @justinschuh How are routers special?
@BRIAN_____: Corrupting the router persistently screws the user in a way they probably can't recover from. @frgx @justinschuh
@mikewest @frgx @justinschuh OTOH, this only protects against accessing the admin interface from LAN, not WAN, but it's the same (bad) code.
@BRIAN_____: You usually (I hope?) have to turn on WAN access explicitly. With luck, folks don't do that. @frgx @justinschuh
@mikewest @frgx @justinschuh I also found it confusing about whether the document intends to apply to only subresource requests or also nav.
@BRIAN_____: Both, which is why @justinschuh is right about the new header. @frgx