@avlidienbrunn In a JSON API that uses session cookies: is setting a custom header with a static value, together with validating the Origin header, enough for CSRF-protection?
..any "neat tricks" if you XSS a parent/sub/sibling domain?