|
|
|
|
|
|
by joshstrange
2432 days ago
|
|
|
My guess would me as a sort of "signoff" from the person hosting the JSON that refl.me is approved to use their endpoint. It sidesteps a slew of abuse issues by either knowing it's a feed you own OR a feed you are re-hostings/proxying and so the liability rests with you. In my mind it's in the same category as google throwing garbage or while(1){} loops at the start of their JSON responses to prevent XSS JSON reflection attacks. I know it's not the same thing at all but idk, thats what comes to mind for me. EDIT: Of course I think of a better comparison as soon as I hit submit: Sort of like LetsEncrypt looking for a .well-known/acme-challenge to validate your domain. |
|
|