I read it the same way, and, yeah, this has enormous implications for the personalized web.
I think rel=canonical may help mitigate some badness; I think I read recently that browsers are starting to use the canonical url when you click the share button.
1 reply 0 retweets 1 like
Replying to @xander76
I don't see how it helps. You need a single URL to stick on social media, but you want the response to that GET to include personalized content.
2 replies 0 retweets 1 like
Replying to @wycats
Oh yeah, you're right. I'm not thinking through the scenarios correctly, and it's been quite a while since I've thought one of these through.
1 reply 0 retweets 2 likes
Replying to @xander76
If this threat model holds, I suspect that the only solution is to fix (on probably some kind of opt-in basis) the same-origin holes that allow third-party sites to make these GET requests in the first place.
1 reply 0 retweets 2 likes
Replying to @wycats
Isn't that any use of cross-site anything that might load the resource into memory? It's hard for me to imagine a functioning web where GETs of cross-site scripts, images, etc. were disallowed. Or am I misunderstanding again?
3 replies 0 retweets 0 likes
Replying to @xander76
It looks like the "Lax" SameSite opt-in allows third-party cookies, but only when initiating a top-level navigation, which explicitly does not include things like iframes. Have to read the expected interaction with Spectre to see if it helps.
1 reply 0 retweets 1 like
Argh. Lax same-site cookies send cookies with <link rel="pretender"> on a third-party site AFAICT. https://www.sjoerdlangkemper.nl/2016/04/14/preventing-csrf-with-samesite-cookie-attribute/
1 reply 0 retweets 1 like
*prerender, not pretender
1 reply 0 retweets 0 likes
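To make the point of the last few replies concrete, here is an added example (not code from the thread or from either participant) that models the browser's decision of whether a cookie is attached to a cross-site request, given its SameSite attribute. It follows the rules as the thread describes them: Strict cookies are never sent cross-site, Lax cookies are sent only on top-level navigations with safe methods (so not for iframes, images or scripts), and None cookies always are. The treatment of <link rel="prerender"> as a top-level navigation that carries Lax cookies is an assumption taken from the linked article, marked as such in the code. The `Request` and `SameSite` names and the `set_cookie_header` helper are the example's own.

```python
"""Model of SameSite cookie attachment for cross-site requests.

Added example; not the thread's own code. The handling of prerender as a
top-level navigation is an assumption (the behaviour the linked article
describes for Lax cookies at the time).
"""
from dataclasses import dataclass
from enum import Enum
from http.cookies import SimpleCookie


class SameSite(Enum):
    STRICT = "Strict"
    LAX = "Lax"
    NONE = "None"


@dataclass(frozen=True)
class Request:
    cross_site: bool          # initiating site differs from the target site
    top_level: bool           # navigates the top-level browsing context
    method: str = "GET"       # HTTP method of the request
    prerender: bool = False   # speculative <link rel="prerender"> load


# Methods RFC 7231 treats as safe; Lax cookies ride only on these.
SAFE_METHODS = {"GET", "HEAD", "OPTIONS", "TRACE"}


def cookie_sent(policy: SameSite, req: Request) -> bool:
    """Return True if a cookie with this SameSite policy accompanies `req`."""
    if not req.cross_site:
        return True                      # same-site: every policy attaches
    if policy is SameSite.NONE:
        return True                      # explicitly cross-site cookie
    if policy is SameSite.STRICT:
        return False                     # never cross-site
    # Lax: cross-site only for top-level navigations with a safe method.
    # Assumption: prerender counts as a top-level navigation (see lead-in).
    is_navigation = req.top_level or req.prerender
    return is_navigation and req.method.upper() in SAFE_METHODS


def scenarios(policy: SameSite) -> dict:
    """Evaluate the request types discussed in the thread under one policy."""
    cases = {
        "third-party iframe GET":   Request(cross_site=True, top_level=False),
        "third-party <img>/<script>": Request(cross_site=True, top_level=False),
        "link click from other site": Request(cross_site=True, top_level=True),
        "cross-site form POST":     Request(cross_site=True, top_level=True, method="POST"),
        "cross-site prerender":     Request(cross_site=True, top_level=False, prerender=True),
    }
    return {name: cookie_sent(policy, req) for name, req in cases.items()}


def set_cookie_header(name: str, value: str, policy: SameSite) -> str:
    """Build the Set-Cookie header value for a session cookie with this policy.

    Uses the standard library's SimpleCookie, which supports the `samesite`
    attribute on Python 3.8 and later.
    """
    jar = SimpleCookie()
    jar[name] = value
    jar[name]["samesite"] = policy.value
    jar[name]["secure"] = True
    jar[name]["httponly"] = True
    return jar.output(header="").strip()


if __name__ == "__main__":
    for policy in SameSite:
        print(f"SameSite={policy.value}")
        for case, sent in scenarios(policy).items():
            print(f"  {case:28s} cookie sent: {sent}")
    print(set_cookie_header("session", "constructed-session-id", SameSite.STRICT))
```

Running it shows why the thread concludes Lax is not enough on its own for personalized responses: the iframe and subresource cases are blocked, but a top-level link and (under the stated assumption) a prerender from a third-party page still receive the cookie, so the personalized GET response can still be fetched cross-site. Only Strict closes those paths, at the cost of breaking the "single URL stuck on social media" navigation that arrives logged out.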