If everyone agreed that JS code on the internet should be considered public and should never include authenticated content we'd agree 
I don't mean that the JS can't *see* authed data, but rather that the JS shouldn't *contain* any.
Thanks for explaining! Yes I definitely agree about that. Original tweet didn't contain any, just saw it
I hadn't thought about that specific attack vector before
to be clear I don't think anyone is directly, concretely and specifically making an argument for auth'ed modules, but it's a consequence 1/
of some things people have said, and "WAT Y U REMOVE IMPORTANT WEB FEATURE" is an easy knee-jerk here. 2/2
Does caching count?