[Service Workers] New APIs = New Vulns = Fun++ https://sirdarckcat.blogspot.com/2015/05/service-workers-new-apis-new-vulns-fun.html …
@sirdarckcat @frgx @jaffathecake : the attack needs CORS set on the content to display, which'd allow XHR from page to do same
@slightlylate @frgx @jaffathecake wait, which attack? the one that needs CORS is the redirect one (although, CORS on the attacker's site)
@sirdarckcat @frgx @jaffathecake : regarding XSRF, will think harder on it. You make a good point: cache exp is up to app for better/worse