Validate yo' message origins. https://twitter.com/almroot/status/836874262900326401 …
if (event.origin.match(/paypalobjects\.com/i) || event.origin.match(/paypal\.com/i) || config.devMode || [...]) {
I guess the lesson here is that APIs should let the developer specify a security policy instead of letting the developer do it?
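Added example, not part of the thread and not PayPal's code: the unanchored regex test quoted in the first tweet, next to an exact-match origin allowlist of the kind the reply asks for as a declared policy. The allowlist entries, the sample origins and all function names are constructed for illustration; the devMode and elided "[...]" branches of the quoted check are left out.

```javascript
// Check as quoted in the tweet: an unanchored regex matches anywhere in the
// origin string, so it accepts any origin that merely contains the name.
function looseOriginCheck(origin) {
  return Boolean(origin.match(/paypalobjects\.com/i) || origin.match(/paypal\.com/i));
}

// Hardened form: the full origin (scheme + host + port) must equal an entry
// in a fixed set. Entries here are assumed values for the example.
const ALLOWED_ORIGINS = new Set([
  "https://www.paypal.com",
  "https://www.paypalobjects.com",
]);

function strictOriginCheck(origin) {
  return ALLOWED_ORIGINS.has(origin);
}

// Message handler parameterised by the origin check. Returns the message
// data when the sender is trusted, otherwise null (message dropped).
function handleMessage(event, check) {
  if (!check(event.origin)) return null;
  return event.data;
}

// Constructed origins covering the cases the two checks disagree on.
const SAMPLE_ORIGINS = [
  "https://www.paypal.com",         // intended sender
  "https://paypal.com.example.net", // trusted name used as a subdomain label
  "https://notpaypal.com",          // trusted name as the tail of another domain
  "http://www.paypal.com",          // right host, cleartext scheme
  "null",                           // opaque origin (e.g. sandboxed iframe)
];

// Run both checks over a list of origins and report the verdicts.
function compare(origins) {
  return origins.map((origin) => ({
    origin,
    loose: looseOriginCheck(origin),
    strict: strictOriginCheck(origin),
  }));
}

console.table(compare(SAMPLE_ORIGINS));
```

In a browser the handler would be wired up as window.addEventListener("message", (e) => handleMessage(e, strictOriginCheck)).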