Honestly, where are the Google security people who give us so much trouble everywhere else:https://daringfireball.net/linked/2017/05/29/russian-amp-phishing …
How would Google security feel about exposing raw sockets to these "vetted" sites?
-
-
Roughly as they would to exposing them to a random YouTube video. UGC is a thing. the security boundary is at a lower level than domain.
-
Interesting. A different security model than origins?
-
The content origin is $originalOrigin.cdn.ampproject.org
-
How does Chrome know that's the origin?
-
Because it understands how iframes work. Not sure I understand the question.
-
I see. So relying on iframes to change the origin without a user-visible signal. I'm glad to hear support for iframes in the platform

-
For a legacy feature everyone wants to kill, we're sure getting a lot of security mileage out of 'em.
End of conversation
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.