Hacker News
by
jbert
6419 days ago
You could specify that you expect the referenced resource to be served with a given ETag. Would that be good enough?
1 comments
litewulf
6419 days ago
ETags can be arbitrary, the server can put whatever it wants.
jbert
6418 days ago
Ah, yes. An attacker could fetch the resource themselves, discover the ETag and serve their malicious resource with the real ETag. Sorry.
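The point made in the thread, as an added example that is not part of any comment above: an ETag is a header value the responding server chooses, so comparing it says nothing about the bytes received. The digest check shown for contrast is an assumption of this example (the thread does not propose it), and the response dictionaries, bodies and ETag value are constructed sample data.

```python
import hashlib
import hmac

# Constructed sample data: the genuine resource and the opaque ETag its server assigned.
GENUINE_BODY = b"function greet() { return 'hello'; }\n"
GENUINE_ETAG = '"5f2b-1a"'


def make_response(body, etag):
    """Model an HTTP response as headers plus body (hypothetical helper)."""
    return {"headers": {"ETag": etag}, "body": body}


def etag_matches(response, expected_etag):
    """The check proposed in the thread: compare the ETag header the server sent."""
    return response["headers"].get("ETag") == expected_etag


def digest_matches(response, expected_sha256_hex):
    """Contrast check (assumption): hash the received bytes on the client side."""
    actual = hashlib.sha256(response["body"]).hexdigest()
    return hmac.compare_digest(actual, expected_sha256_hex)


def evaluate():
    """Run both checks against the genuine response and a substituted one."""
    expected_digest = hashlib.sha256(GENUINE_BODY).hexdigest()
    genuine = make_response(GENUINE_BODY, GENUINE_ETAG)
    # A different server returns other content but copies the publicly visible ETag.
    substituted = make_response(b"function greet() { return 'changed'; }\n", GENUINE_ETAG)
    return {
        "genuine": (etag_matches(genuine, GENUINE_ETAG),
                    digest_matches(genuine, expected_digest)),
        "substituted": (etag_matches(substituted, GENUINE_ETAG),
                        digest_matches(substituted, expected_digest)),
    }


if __name__ == "__main__":
    for name, (etag_ok, digest_ok) in evaluate().items():
        print(f"{name}: etag check passes={etag_ok}, digest check passes={digest_ok}")
```

The ETag comparison accepts both responses, while the client-computed digest accepts only the genuine body.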