If I’m reading the spec correctly, strict SS cookies aren’t sent when you navigate from a third party site, so links to your site would show broken/unpersonalized pages when clicked. And lax SS cookies allow <link rel=prerender>, which is attackable. https://tools.ietf.org/html/draft-west-first-party-cookies-07#section-5.2 …
If I ran the world, I’d just turn off prerender altogether for now, rather than have prerendered pages potentially not be logged in when you navigate to them.
Er, third party prerender, that is. First party seems fine.