Y
Hacker News
new
|
ask
|
show
|
jobs
by
vbernat
3626 days ago
It says that API requests using TLS are not vulnerable. However, many applications won't do the appropriate certificate checking. If HTTP_PROXY is set to a mitm proxy, it can succeed.
1 comments
kpcyrd
3626 days ago
The reason why they aren't affected is that you need to set HTTPS_PROXY for
https://
link
lucb1e
3626 days ago
I could imagine not all applications doing that, though.
link