I haven’t read the spec in a long while... but if it can help folks with the `/admin` problem,
Replying to @patricktoomey @arturjanc
I can think of a few million ways GitHub can leverage suborigins :)
please share that; browsers need to know!
Browsers need to figure out what Suborigins are. So far, I’m not sure we have. :(
Suborigins are easy to understand for users, even if not straightforward to implement/spec. Use cases can show why this effort is worth it.
Replying to @arturjanc @mikewest and
@patricktoomey we were thinking of using this for raw pages too, right? Where everything is its own origin?
Replying to @ndm @arturjanc and
Yeah, seems a nice last line of defense.
@arturjanc - doesn’t Google do something like this for user content by generating a random subdomain?
Replying to @patricktoomey @ndm and
Yes, we have *.googleusercontent.com for that. But the infrastructure for it is quite tricky (hard for small sites), and the URLs are ugly.
Replying to @patricktoomey @arturjanc and
I’ve considered implementing the same subdomain setup for GitHub, but feel like suborigins would be the cleaner implementation long term.
Definitely. We also considered CSP: sandbox delivered as an HTTP header for this case, but that introduces a whole slew of other problems.
Replying to @arturjanc @patricktoomey and
Don't get me started; we shipped this (see http://www.dropbox.com/enterprise ) but it's super hacky.