@mathias @kkotowicz Yes. But the token is inside the JS file which has a static URL. That is another reason, I talked about ..
@skeptic_fx @kkotowicz How is XHR’ing the token (slide 43, step 2) a solution? If token is stored in HTML it’s already protected by SOP.
@skeptic_fx @kkotowicz Yeah but moving it to the HTML already solves that problem. Why is XHR needed?