It relies on a header, which can't be set through the attack vector, so it's all... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		dhh on Dec 11, 2013 \| parent \| context \| favorite \| on: Server-generated JavaScript responses It relies on a header, which can't be set through the attack vector, so it's all kosher.

homakov on Dec 11, 2013 [–]

Since we are on the same page, could you help me in this discussion with nzkoz? https://github.com/rails/rails/issues/11509 we're talking about different things

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact