I seriously don't get this at all. Are you saying you want to write web apps in C and compile it to webasm to obscure everything?
-
-
It seems hard to keep state out that comes from an authenticated source. Like... how do you build account-based apps?
-
Not sure if I'm following correctly here, but are you suggesting that JS should always go to the DOM to fetch secret values rather than mem?
-
I'm suggesting it should come from another source, either HTML, JSON, or whatever, and not be included in the JS source itself.
-
I'd be down with a CSP-style rule where JS must be static (same hash each run for everyone)
-
or we could just disallow credentialed CORS for modules!
-
Oh, that'd be sweet! Any strong resistance to that?
-
I'm not sure, but I think writing up what I said more formally and then proposing something concrete would allow us to find out!
-
Hm, okay; if it's just cross-origin loading of privileged information in JS, then, yes, obviously not a good practice
