We tried this at GitHub on the Desktop team for a Hot Minute, this is why this existed - it quickly proved unworkable though which was a real drag because that integration between the website and Desktop app would've been really Great
-
-
-
I think it should "just work" these days, localhost should now be considered a secure origin and no tricks should be necessary to avoid any mixed content or similar restrictions.
- 3 more replies
New conversation -
-
-
Nope, looks like that was a real vulnerability. That one is expired and revoked - if they're still doing that with a new certificate, then it needs to be revoked too... haha, it never ends

- 3 more replies
New conversation -
-
Seriously
@SwiftOnSecurity I want to see your name on a CVE - request one :) - End of conversation
New conversation -
-
-
I tried to find that cert and whoopsie there's a very similarly looking domain name https://crt.sh/?id=2140336607 not revoked, wanna find that private key?
-
Maybe related to https://learn.davidsystems.com
End of conversation
New conversation -
-
-
Thanks. Twitter will use this to make your timeline better. UndoUndo
-
-
-
Logo and flashy name now pls
@SwiftOnSecurityThanks. Twitter will use this to make your timeline better. UndoUndo
-
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.
The certificate was issued by