we are lucky to have @sirdarckcat hack the shit out of under us until things are protected-ish.
AMP is a very special case. CSP is like the fifth defense layer if I count right :-)
Replying to @sirdarckcat
wait wait.. are you saying csp is a useful defense layer? Cc @cramforce @johnwilander
A thin mint crisp layer. Seriously though, I consider it significant hardening.
For AMP I do think CSP whitelists help. But they also have sandbox domains, an HTML sanitizer, and audits
Replying to @sirdarckcat
As do many other CSP adopters. Maybe bigger problem is the meme CSP => you don't have to do anything else CC @johnwilander
Replying to @frgx @sirdarckcat
personally, this is why I am wayyyy more excited about suborigins @johnwilander
Replying to @frgx @johnwilander
Definitely! Can't +1 that enough. Suborigins are my personal favorite too.
Crazy idea: let's make it so that CSP and Suborigins *aren't* mutually exclusive! Hmm, wait a minute...
lol.. of all people, I feel like I am the last one to consider them mutually exclusive ;)
I know :P I also prefer the idea of suborigins, but the concepts are so different there is room for both.