|
|
|
|
|
|
by dane-pgp
1614 days ago
|
|
|
It's worth noting that a takeaway message from this is "A strict CSP policy would completely prevent this attack, as long as Chrome supports the `prefetch-src` directive." Unfortunately the ticket for implementing that (or taking the implementation out from behind its flag) is still open and has just had its 4th birthday. https://bugs.chromium.org/p/chromium/issues/detail?id=801561 |
|
|