Idea we've been toying with: How about allowing anonymous (i.e. no credentials or cookies) cross-origin XHR/fetch? Note: This assumes additional guard rails for localhost/intranet/non-routables, plus a simple opt-out.
IIRC there are ISPs that serve data about the active connection to unauthenticated HTTP clients based on source IP. You'd end up making that publicly accessible, right?
Would it? I know AT&T does this sort of thing, but it starts with a handshake that sets a cookie on the client. So, in the scenario I'm talking about that cookie wouldn't get set, thus the handshake fails and you couldn't be logged in.