I've worked on multiple CSRF mitigations in my time on the Rails security team and if GET requests are really now vulnerable to the extent that Google is suggesting using randomized URLs or CSRF tokens, this shit is about to get real.
-
On the "bright" side, the disclosure paper by Project Zero is pretty readable and offers a decent intuition for what's happening.
-
100% Fair. It's all so overwhelming.
-
We probably need to work it out in a matter of days, even with the browser mitigations. I'm not on the Rails security team anymore but I hope they're looking into this ASAP.