Had a quick chat with @arturjanc, et al. about some experiments his team is doing, using `Sec-Metadata` to power a firewall-like defense against some categories of attack. The initial results look encouraging!
You heard it here first: https://mikewest.github.io/sec-metadata/ is a silver bullet panacea against all ills!
Replying to @mikewest @arturjanc
immediate thought: won't this make curl use a hassle because I'll have to add Sec-Metadata, but I won't know what the server necessarily accepts? But missing Sec-Metadata may be from browsers before the standard, same as curl, so that's OK. It's *wrong* S-M that's guarded against
You're right -- web servers will have to support requests without `Sec-Metadata` because otherwise applications would break for users of browsers which don't send the header. Restrictions based on the value of S-M would only apply to user agents which send the header.
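
The rule in the last reply (accept requests that carry no `Sec-Metadata`, restrict only on the value when it is present) can be sketched as a server-side check. This is an added example, not part of the thread or of the experiments it mentions; the header syntax (`key="value"` pairs), the `site` and `destination` member names and values, and the policy itself are assumptions made for illustration.

```python
import re

# Assumed member syntax: key=value or key="value" (not taken from the thread).
_MEMBER = re.compile(r'\s*([a-z-]+)\s*=\s*"?([a-z-]*)"?\s*$')
SAFE_METHODS = {"GET", "HEAD", "OPTIONS"}


def parse_sec_metadata(value):
    """Parse the assumed comma-separated list into a dict.

    Returns None if any member is malformed, so the caller can fail closed.
    """
    fields = {}
    for member in value.split(","):
        m = _MEMBER.match(member)
        if m is None:
            return None
        fields[m.group(1)] = m.group(2)
    return fields


def allow_request(method, headers):
    """Return (allowed, reason) for one request under a hypothetical policy."""
    # HTTP header names are case-insensitive.
    raw = next((v for k, v in headers.items()
                if k.lower() == "sec-metadata"), None)
    if raw is None:
        # curl and browsers that predate the header: nothing to judge,
        # so the request is served as it always was.
        return True, "no Sec-Metadata: legacy client, not restricted"

    fields = parse_sec_metadata(raw)
    if fields is None:
        # Policy choice: a client that sends the header but garbles it
        # is rejected rather than treated as a legacy client.
        return False, "malformed Sec-Metadata"

    if fields.get("site") in ("same-origin", "same-site"):
        return True, "request initiated by our own site"

    # Anything else, including a missing `site` member, is treated as
    # cross-site. Only plain top-level navigations (links) are let through.
    if method.upper() in SAFE_METHODS and fields.get("destination") == "document":
        return True, "cross-site navigation"
    return False, "cross-site subresource or state-changing request"
```

Such a check only adds a restriction for user agents that send the header; requests without it still need the application's existing defenses.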