Discovered an app was using redux, need to debug it, so I injected a console.log to log all actions :Dpic.twitter.com/SO7LSk5EhF
You can add location information to your Tweets, such as your city or precise location, from the web and via third-party applications. You always have the option to delete your Tweet location history. Learn more
That's my perspective, but lots of people continue to try to defend the "authenticated JS code" perspective, which is ridiculous.
does that mean that JS code served to a page came from a secure place, or the contents that JS has in memory is secure?
It means content that contains secret data based on cookies or http auth headers.
Again I *think* we're on the same page, but... isn't that every website? You login and it sets a cookie, and you're authenticated
HTML content might contain secret data and is reasonably protected by SOP. JS content is poorly protected and shouldn't contain secrets.
If your web app has require.registry or something like that and has authed secret content, any third party can get the AUTHED content.
The only reasonable way to program in JS on the web is to keep secret content OUT of JS.
Secret meaning something like a cookie, where a 3rd party could steal & do own requests... or just priv info, like twitter DMs?
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.