.@mikewest re https://wicg.github.io/cors-rfc1918/ : see https://blog.lizzie.io/exploiting-CVE-2016-8606.html … (by @l_zzi_) - cross-protocol RCE via request path
pre-preflight without any user-controlled headers for nonstandard ports? "hi, are you an HTTP server?" @l_zzi_
-
-
no Host, empty request path, no Referer, no Origin, ...
Thanks. Twitter will use this to make your timeline better. UndoUndo
-
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.