zlacker

[return to "Unpacking Google’s Web Environment Integrity specification"]
1. bloope+WH1[view] [source] 2023-07-26 18:25:36
>>dagurp+(OP)
Would this end up breaking curl, or any other tool that accesses https?
◧◩
2. fooyc+nJ1[view] [source] 2023-07-26 18:30:35
>>bloope+WH1
Yes it will
◧◩◪
3. pdanpd+bU1[view] [source] 2023-07-26 19:11:21
>>fooyc+nJ1
How?
◧◩◪◨
4. toyg+JW1[view] [source] 2023-07-26 19:21:26
>>pdanpd+bU1
The whole point of WEI is that the site can choose to block any combination of browser and OS they see fit, in a reliable way (currently, browsers can freely lie). CURL and friends will almost immediately be branded as bots and banned - that's the stated objective.
◧◩◪◨⬒
5. pdanpd+HZ1[view] [source] 2023-07-26 19:34:36
>>toyg+JW1
How?

The page must first load, then it requests an attestation using js and sends it back to the server for further use (like a recaptcha token).

So for something like curl it could be no change.

https://github.com/RupertBenWiser/Web-Environment-Integrity/...

[go to top]