Has anyone written up how to secure an unauthenticated localhost service? I've got Host check against DNS rebinding, CORB/CORP/COOP against Spectre, anything else? Maybe I should work in a secret path segment after all.
(Ah, a SameSite=Strict cookie, or I am back in the CORP / CSRF token requirement for CORB.)
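
An added example, not part of the original thread: a sketch of the Host allowlist check against DNS rebinding, together with the CORP/COOP and SameSite=Strict response headers mentioned above. The port, function names and sample requests are assumptions constructed for illustration.

```python
import secrets

PORT = 8765  # assumed port for this sketch
# Only names that can legitimately address a loopback service on this port.
ALLOWED_HOSTS = {f"{name}:{PORT}" for name in ("localhost", "127.0.0.1", "[::1]")}


def hardening_headers(session_token):
    """Response headers matching the mitigations named in the thread."""
    return {
        "Cross-Origin-Resource-Policy": "same-origin",
        "Cross-Origin-Opener-Policy": "same-origin",
        # With nosniff, CORB relies on the declared Content-Type, not sniffing.
        "X-Content-Type-Options": "nosniff",
        "Set-Cookie": f"session={session_token}; SameSite=Strict; HttpOnly; Path=/",
    }


def respond(request_headers):
    """request_headers: list of (name, value) pairs.

    Returns (status, response_headers). A rebound DNS name still resolves to
    127.0.0.1, but the browser keeps sending the attacker-controlled name in
    Host, so an exact allowlist match is what rejects it.
    """
    hosts = [v.strip().lower() for k, v in request_headers if k.lower() == "host"]
    if len(hosts) != 1:  # missing or duplicated Host header: ambiguous
        return 400, {}
    if hosts[0] not in ALLOWED_HOSTS:
        return 403, {}
    return 200, hardening_headers(secrets.token_urlsafe(32))


# Constructed sample requests (not captured traffic).
SAMPLES = {
    "direct": [("Host", f"localhost:{PORT}")],
    "rebound": [("Host", f"rebind.attacker.example:{PORT}")],
    "duplicate": [("Host", f"127.0.0.1:{PORT}"), ("Host", "attacker.example")],
    "wrong port": [("Host", "localhost:9999")],
}

if __name__ == "__main__":
    for label, headers in SAMPLES.items():
        print(label, respond(headers)[0])
```
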