zlacker

[parent] [thread] 3 comments
1. pdanpd+(OP)[view] [source] 2023-07-26 19:11:21
How?
replies(1): >>toyg+y2
2. toyg+y2[view] [source] 2023-07-26 19:21:26
>>pdanpd+(OP)
The whole point of WEI is that the site can choose to block any combination of browser and OS they see fit, in a reliable way (currently, browsers can freely lie). CURL and friends will almost immediately be branded as bots and banned - that's the stated objective.
replies(2): >>pdanpd+w5 >>snvzz+Z5
◧◩
3. pdanpd+w5[view] [source] [discussion] 2023-07-26 19:34:36
>>toyg+y2
How?

The page must first load, then it requests an attestation using js and sends it back to the server for further use (like a recaptcha token).

So for something like curl it could be no change.

https://github.com/RupertBenWiser/Web-Environment-Integrity/...

◧◩
4. snvzz+Z5[view] [source] [discussion] 2023-07-26 19:37:01
>>toyg+y2
It is more severe than that. The design favors a whitelist approach: Only browsers that can get the attestation from a "trusted source" are allowed. Browsers that cannot, don't.
[go to top]