|
|
|
|
|
|
by dspillett
888 days ago
|
|
|
> Hm, are you sure? From the article: > > Would render and execute all scripts on that page as if it was that user If there is a valid user ID (or other user/session identifier) in the request URL or body, but not valid auth cookies, the system may respond with a page that references the same scripts as the user would get but with no data. In that case the scripts would run (perhaps requesting further resources, directly or by placing things that reference them into the DOM, which is how they know the scripts ran) as they would for the user but just render a “no data” message where the information would be. |
|
|