Mastodawn

Julia Evans Feb 3

which browser security features do you find the hardest to use correctly?

very interested in "other" responses too, I could only include 4 options in the poll

CORS

51.6%

Cookie security settings (HttpOnly etc)

5.3%

Content-Security-Policy

41%

Other

2.2%

Poll ended at Feb 4 at 3:51pm.

Show thread

JA

@b0rk Voted CORS because people forget that browser will perform the actual network request in non-preflight requests, the client just can't read the result (this often used to lead to CSRF before samesite cookies adoption).