item 46382420 (no title)

louiskottmann | 2 months ago
I appreciate that, but in the case of TLS or CSRF tokens the server is not blindly trusting the browser in the way Sec-Fetch-Site makes it.

tptacek | 2 months ago
Sure it is. The same-origin rule that holds the whole web security model together is entirely a property of browser behavior.

louiskottmann | 2 months ago
That's indeed a good example of prior full trusting of the browser by the server.