.@mikewest re https://wicg.github.io/cors-rfc1918/ : see https://blog.lizzie.io/exploiting-CVE-2016-8606.html … (by @l_zzi_) - cross-protocol RCE via request path
this is about *cross-protocol* attacks. the server basically just ignores anything it doesn't understand, incl. the verb.
: I see. I missed that in skimming through @l_zzi_'s post. File a bug against the document? I'll think about it on the way home.
: My initial reaction is that an additional "Are you an HTTP server?" preflight is a bridge too far based on one anecdote.
: But that might be underestimating the possible impact. *shrug*