|
|
|
|
|
|
by Aissen
2787 days ago
|
|
|
I think it's only true as long as every *.micro.blog subdomain is properly isolated, and you can't access cookies/sessions from micro.blog (e.g post/comment as someone else, if there's no CSRF token). I haven't checked, but hopefully it's the case here. See:
https://security.stackexchange.com/questions/95369/persisten... |
|
|