GitHub - ip2k/I-Dont-Care-About-HSTS-For-Localhost: Helps ease the pain of newer Chrome versions forcing HTTP Strict Transport Security for localhost, then caching via dynamic domain security policies if it ever works once, forcing HTTPS on local dev serv
Helps ease the pain of newer Chrome versions forcing HTTP Strict Transport Security for localhost, then caching via dynamic domain security policies if it ever works once, forcing HTTPS on local dev servers until "localhost" is manually reset via chrome://net-internals/#hsts every single time this happens. This installable policy for macOS fixes… License
Man-in-the-middle attack on mobile version of Facebook possible due to lack of HSTS header
Bartek Nowotarski TL;DR It was possible to eavesdrop a single request data, including cookies and fb_dtsg (CSRF token), during installation of any app in mobile version of Facebook App Center despite the fact that the user had "Secure Browsing" mode enabled in their Facebook settings. The bug is now fixed but the lack of HTTP Strict Transport Security header on Mobile Facebook makes it possible t
1
リリース、障害情報などのサービスのお知らせ
最新の人気エントリーの配信
処理を実行中です
j次のブックマーク
k前のブックマーク
lあとで読む
eコメント一覧を開く
oページを開く
