zlacker

[parent] [thread] 4 comments
1. fooyc+(OP)[view] [source] 2023-07-26 18:30:35
Yes it will
replies(1): >>pdanpd+Oa
2. pdanpd+Oa[view] [source] 2023-07-26 19:11:21
>>fooyc+(OP)
How?
replies(1): >>toyg+md
◧◩
3. toyg+md[view] [source] [discussion] 2023-07-26 19:21:26
>>pdanpd+Oa
The whole point of WEI is that the site can choose to block any combination of browser and OS they see fit, in a reliable way (currently, browsers can freely lie). CURL and friends will almost immediately be branded as bots and banned - that's the stated objective.
replies(2): >>pdanpd+kg >>snvzz+Ng
◧◩◪
4. pdanpd+kg[view] [source] [discussion] 2023-07-26 19:34:36
>>toyg+md
How?

The page must first load, then it requests an attestation using js and sends it back to the server for further use (like a recaptcha token).

So for something like curl it could be no change.

https://github.com/RupertBenWiser/Web-Environment-Integrity/...

◧◩◪
5. snvzz+Ng[view] [source] [discussion] 2023-07-26 19:37:01
>>toyg+md
It is more severe than that. The design favors a whitelist approach: Only browsers that can get the attestation from a "trusted source" are allowed. Browsers that cannot, don't.
[go to top]