RT @PortSwiggerRes: Stealing passwords from infosec Mastodon - without bypassing CSP
https://t.co/kXIqj3tpAU https://t.co/wFfyCViULT
@DavidsKanal @sayhello @canofsleep @ChromiumDev Seeing this responded to a 2020 thread; in 2022 you have different options, namely the Origin Private File System: https://t.co/b2i5IXAeNB.
@reconbot @cramforce @RReverser *Slaps roof of car*
TLS, or “That Little Sucker” as we call it here, this bad boy can fit so much client hints preferences in it…
@cramforce @RReverser @reconbot November 15, mid-Q4 OKRs check-in, we’re making good progr…, erm, wait, *record scratch*. Scrap our OKRs!
(I’m sorry to be the deliverer of great Web platform features straight to your Elon timeline…)
@cramforce @RReverser See https://t.co/fKCaeD9jHg and onward for some connection-level tricks to avoid a full round trip in some cases.
@cramforce @RReverser The retry request is only needed the _very_ first time. All future requests will then include the requested headers. I think it’s a nice compromise, especially given more such headers are specified (https://t.co/WctLYy5dDR) and add
@cramforce @RReverser `Critical-CH` is a thing since M91: https://t.co/VTylhEI1KT. The two headers: `Sec-CH-Prefers-Color-Scheme` shipped in M93 https://t.co/5DyC70rhzl, `Sec-CH-Prefers-Reduced-Motion` now ships in M108 https://t.co/Ls0wYJVeny. 😎
@cramforce @RReverser There’s critical client hints, which solves the cold-start issue: https://t.co/ZUV5JJMV9C. This is especially desirable for `Sec-CH-Prefers-Color-Scheme` and `Sec-CH-Prefers-Reduced-Motion`. See https://t.co/qPx0pzQUx5 for the flow.