- From: Willy Tarreau <w@1wt.eu>
- Date: Wed, 1 Apr 2015 22:09:35 +0200
- To: Max Bruce <max.bruce12@gmail.com>
- Cc: Jim Manico <jim@manico.net>, Michael Sweet <msweet@apple.com>, "Eric Vyncke (evyncke)" <evyncke@cisco.com>, "ietf-http-wg@w3.org" <ietf-http-wg@w3.org>
On Wed, Apr 01, 2015 at 12:57:56PM -0700, Max Bruce wrote: > That's a great point. What about User-Agent checking? Yes, that's what Michael mentionned as well. I *believe* that some UAs send different values when a plugin performs a request, but I'm not 100% certain. That's clearly something to check for those who want to do this though. I find it fun to see people scared about cookie stealing at an era where some others are pushing hard for TLS everywhere. Either one is a problem of the past, or the other is ineffective against info leak :-) Willy
Received on Wednesday, 1 April 2015 20:10:07 UTC