@skeptic_fx @kkotowicz How is XHR’ing the token (slide 43, step 2) a solution? If token is stored in HTML it’s already protected by SOP.
@skeptic_fx @kkotowicz Yeah but moving it to the HTML already solves that problem. Why is XHR needed?
@mathias @kkotowicz Agreed. That is for those who want cached apps. Nonetheless, putting it inside HTML is the most preferred, as I mentioned.
@mathias @kkotowicz Got it! It's either 1 or 2, not both :)