by int2e
6200 days ago
Yeah, XSSI has been well known for a while. This article's argument against using custom headers is a bit bunk. If you're not properly disabling proxy caching for sensitive data, you're asking for trouble anyways. Disabling caching properly is a bit tricky, but there are some useful details here: http://code.google.com/p/browsersec/wiki/Part2#Document_cach...