Mastodawn

I'm back to thinking about CSRF: why is it useful for sites to be able to embed resources (like <img src="othersite.com/whatever.jpg">) and for the browser to send the user's cookies to the third-party site?

There's "ads" and "tracking" obviously but I feel like there's another actually-useful-to-users reason I'm not thinking of

Show thread

ryan

@b0rk back in the day, it let you tune your serving workload so static assets could be served from boxes with ram and fs cache away from the dynamic/server-side page rendering (php, cold fusion, mod_perl, etc)