Thanks, that's a good point indeed. I prefer adding a console warning in
this case.
On Tue, Jul 2, 2019 at 9:23 PM Panos Astithas wrote:
> On Tue, Jul 2, 2019 at 6:16 AM Thomas Nguyen wrote:
>
>> DevTools bug: No
>>
>
> Wouldn't it be helpful to indicate such truncation in the console (as a
>
On Tue, Jul 2, 2019 at 6:16 AM Thomas Nguyen wrote:
> DevTools bug: No
>
Wouldn't it be helpful to indicate such truncation in the console (as a
warning) or network panel (with a request badge)? I can imagine developers
being confused about why the referrer header is not what they expect it to
Summary:
Servers often reject requests entailing an overly long `Referer` header.
Additionally, attackers can retain control over the header on `no-cors`
requests and force an error when fetching a subresource which allows them
to perform cache probing attacks by looking at the error event of the
3 matches
Mail list logo