
"No true Scotsman allows GETs with side effects" is not a strong argument

It's not just HTTP where this is a problem. There are enough HTTP-ish protocols where protocol smuggling confusion is a risk. It's possible to send chimeric HTTP requests at devices which then interpret them as a protocol other than HTTP.



Yes, which is why web browsers way back even in the Netscape Navigator era had a blacklist of ports that are disallowed.



