In case anyone thought CSP2 paths solve the whitelist security problem... (nice find!) https://twitter.com/dotchloe/status/774512657642708992
Replying to @arturjanc
@dotchloe @avlidienbrunn This is a server bug and not a browser bug, right? Who knows what the server might find to be "..".
It's only a bug in the context of CSP, which the server owner doesn't have to know about or support.
Replying to @arturjanc @johnwilander and
Many servers don't use paths to designate hierarchy. Paths as a security mechanism is a CSP spec flaw
Replying to @frgx
This one was Cloudflare CDN, I tested googleapis and it seems okay. But if it had this kind of bug we probably would.
11:27 AM - 10 Sep 2016