I spoke at #fronteers about the Dark Side of front-end performance.
Slides + video + Q&A + summary: https://dev.opera.com/blog/timing-attacks/ … #security
AFAICT `SameSite=strict` or even `SameSite=lax` would prevent this, yeah. As for your other question, I refer to @tomvangoethem ;)
If there's no user-specific 3rd-party content, there's nothing to extract :) Attacks using postMessage may still work tho
JavaScript, HTML, CSS, HTTP, performance, security, Bash, Unicode, i18n, macOS.