So, @joshpeek, since y'all are my go-to experimental-thing-testers, any chance GitHub is interested in playing with https://tools.ietf.org/html/draft-west-first-party-cookies …?
@mikewest Why not block if toplevel and frame origin mismatch? means no protection for e.g. image search sites, correct?
@tehjh: It certainly leaves http://bank.com -> http://evil.com -> http://bank.com chains open. Is that what you mean?
@mikewest Yes, exactly. Sent you a mail with an example :/
@mikewest IMO it's like the old X-Frame-Options issue where SAMEORIGIN is unsafe for image search pages
@tehjh: Practically? Because this is how third-party cookie/site-data blocking works in Chrome right now.