Tweets
Pinned Tweet
The more I hear people talking about `SameSite`, and trying to explain it to each other, the more I regret literally everything about the spelling choices we made in its design. Naming things is easier in retrospect.
Mike West Retweeted
@ngalongc, @EdOverflow, and I are starting a new security blog. In our first write-up, we will discuss the impact of "SameSite by default" and how it affects web app sec. Feel free to request future topics you would like us to cover. https://blog.reconless.com/samesite-by-default/ pic.twitter.com/5R23YmpksT
Mike West Retweeted
The time has come to fix that typo in Referer ;) https://twitter.com/kcotsneb/status/1217856864999890945
Not much snow, but just enough to have some fun with the kids this morning! pic.twitter.com/TfUzT9jnDQ
I think there's a lot of room for more collaboration between browser vendors and academia; this workshop (alongside IEEE Euro S&P in June) might be a good chance to kick off some new conversations! https://twitter.com/kcotsneb/status/1217856864999890945
Mike West Retweeted
for all who have worked for a better web and a better world at Mozilla.
Mike West Retweeted
Chrome plans to phase out support for third-party cookies. "Our intention is to do this within two years." https://blog.chromium.org/2020/01/building-more-private-web-path-towards.html
I'm excited about this. The UA string is a mess, somewhat fingerprintable, and legitimate use cases can be better and more clearly served by moving the information to an HTTPS-only client hint (a la https://wicg.github.io/ua-client-hints/). https://twitter.com/intenttoship/status/1217052813081161728
I'm quite happy with the effort that colleagues like @KamilaHasanbega, @andypaicu, and others clever enough not to be on Twitter put into this set of changes, and I'm looking forward to additional changes across a wider swath of permission UX in 2020 as we learn from this launch. https://twitter.com/alexainslie/status/1214747059556741120
Feedback would be welcome, either here or as issues/PRs filed on the GitHub repository: https://github.com/mikewest/csp-next/. Thanks!
It's like the CSP: The Good Parts. Most users would be well-served with a policy like `Scripting-Policy: nonce=number-used-once`, and I think even complex deployments can be supported with a limited set of options. We can keep it small and focused, with a clear threat model.
I took some time to sketch out `Scripting-Policy` in a little more detail: https://mikewest.github.io/csp-next/scripting-policy.html. I'm starting to think it might actually not be a terrible idea. https://twitter.com/mikewest/status/1150683169160663041
Mike West Retweeted
An amazingly well written description of the upcoming SameSite cookie enforcement in Chrome 80. If your org makes use of cross-origin cookie access, you’re running out of time to fix before Feb 4. https://www.troyhunt.com/promiscuous-cookies-and-their-impending-death-via-the-samesite-policy/ Via @troyhunt
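Both the "SameSite by default" write-up retweeted above and this Chrome 80 post describe the same rule change: cookies without a `SameSite` attribute are treated as `Lax`, and `SameSite=None` is only honoured together with `Secure`. The following is an added example, not code from either post or from Chromium, that models those rules and runs the check an org would want before the deadline: given the `Set-Cookie` lines an app emits, which cookies still reach cross-site subresource requests (iframes, fetch/XHR, images) afterwards? All cookie lines and request contexts are constructed.

```javascript
// Added example, not code from the linked posts or from any browser: a model
// of the cookie rules Chrome 80's "SameSite by default" change applies.
// All Set-Cookie lines and request contexts below are constructed.

// Methods treated as "safe" for the Lax top-level-navigation exception.
const SAFE_METHODS = new Set(['GET', 'HEAD', 'OPTIONS', 'TRACE']);

// Parse one Set-Cookie header value into name/value plus the two
// attributes that matter here (Secure and SameSite).
function parseSetCookie(header) {
  const [pair, ...attrs] = header.split(';').map((s) => s.trim());
  const eq = pair.indexOf('=');
  const cookie = {
    name: pair.slice(0, eq).trim(),
    value: pair.slice(eq + 1).trim(),
    secure: false,
    sameSite: null, // null: attribute absent or not a recognised value
  };
  for (const attr of attrs) {
    const [k, v = ''] = attr.split('=').map((s) => s.trim());
    const key = k.toLowerCase();
    if (key === 'secure') cookie.secure = true;
    if (key === 'samesite' && ['strict', 'lax', 'none'].includes(v.toLowerCase())) {
      cookie.sameSite = v.toLowerCase();
    }
  }
  return cookie;
}

// Effective mode under the Chrome 80 defaults:
//   no valid SameSite attribute  -> treated as Lax
//   SameSite=None without Secure -> the cookie is rejected outright
//   anything else                -> as written
function effectiveSameSite(cookie) {
  if (cookie.sameSite === null) return 'lax';
  if (cookie.sameSite === 'none' && !cookie.secure) return 'rejected';
  return cookie.sameSite;
}

// Would this cookie be attached to a request made in the given context?
function cookieSent(cookie, { crossSite, topLevelNavigation = false, method = 'GET' }) {
  const mode = effectiveSameSite(cookie);
  if (mode === 'rejected') return false;
  if (!crossSite) return true;          // same-site requests carry every mode
  if (mode === 'strict') return false;  // Strict never crosses sites
  if (mode === 'none') return true;     // explicit opt-in
  // Lax: cross-site only on top-level navigations using a safe method.
  return topLevelNavigation && SAFE_METHODS.has(method.toUpperCase());
}

// The check an org should run: which of its cookies still reach cross-site
// subresource requests (iframes, fetch/XHR, images) after the change?
function auditForCrossSite(setCookieHeaders) {
  const embedded = { crossSite: true, topLevelNavigation: false, method: 'GET' };
  const report = { stillSent: [], notSentCrossSite: [], rejected: [] };
  for (const header of setCookieHeaders) {
    const cookie = parseSetCookie(header);
    if (effectiveSameSite(cookie) === 'rejected') report.rejected.push(cookie.name);
    else if (cookieSent(cookie, embedded)) report.stillSent.push(cookie.name);
    else report.notSentCrossSite.push(cookie.name);
  }
  return report;
}

// Constructed sample, the kind of thing a legacy app emits.
const SAMPLE_SET_COOKIES = [
  'sessionid=abc123; Path=/; HttpOnly',  // no SameSite: Lax by default
  'sso=tok; Secure; SameSite=None',      // explicit opt-in, still sent
  'tracker=xyz; SameSite=None',          // None without Secure: rejected
  'csrf=r4nd0m; SameSite=Strict',        // never sent cross-site
];

console.log(auditForCrossSite(SAMPLE_SET_COOKIES));
// { stillSent: [ 'sso' ], notSentCrossSite: [ 'sessionid', 'csrf' ], rejected: [ 'tracker' ] }
```

Two caveats when using this against a real deployment. First, an unrecognised `SameSite` value (a typo such as `SameSite=Lxa`) is treated like a missing attribute, i.e. `Lax`, not like `None`, so a misspelled opt-in silently breaks. Second, Chrome shipped a temporary "Lax+POST" mitigation that lets a cookie without a `SameSite` attribute ride along on a cross-site top-level POST for two minutes after it was set; that grace period is not modelled here, and relying on it is not a fix.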
I think I screwed up Chromium's layering of CSP on top of integrity metadata checks (https://github.com/w3c/webappsec-subresource-integrity/issues/44#issuecomment-566016981). :/ Perhaps this is a good time to follow through on adding `integrity` processing to inline script and style blocks?
Mike West Retweeted
What is document.domain? What does it do? Why is it bad? (Thread)
Every year, Spotify's "Your top songs!" list reminds me about my previous year's plan to separate _my_ account from the family's Sonos system. On the plus side, I can see exactly which "Bibi Blocksberg" and "Ritter Rost" stories the kids had on repeat... :)
Behold: something vaguely like a mortice and tenon! Probably not a right angle on the whole piece...
Turns out, buying tools is not _exactly_ the same as knowing how to use them. pic.twitter.com/LSmx6M99JH
Mike West Retweeted
Check out these Mozilla research grant questions, many of them focusing on security and privacy! https://twitter.com/jofish/status/1187524507394691072
My wife is about to be on a plane to Amsterdam, and I get to goof off with my kids until Tuesday.
Fair warning: I’ll be even worse at email than usual for the next few days.
This is a nice presentation of the current XSLeaks state of the art. I'm hopeful about the defense mechanisms we're working on deploying across browsers, but side channels are everywhere. It's a hard set of problems we're going to be busy with for a while... https://twitter.com/tomvangoethem/status/1184487611903238144