zlacker

[parent] [thread] 2 comments
1. toyg+(OP)[view] [source] 2023-07-26 19:21:26
The whole point of WEI is that the site can choose to block any combination of browser and OS they see fit, in a reliable way (currently, browsers can freely lie). CURL and friends will almost immediately be branded as bots and banned - that's the stated objective.
replies(2): >>pdanpd+Y2 >>snvzz+r3
2. pdanpd+Y2[view] [source] 2023-07-26 19:34:36
>>toyg+(OP)
How?

The page must first load, then it requests an attestation using js and sends it back to the server for further use (like a recaptcha token).

So for something like curl it could be no change.

https://github.com/RupertBenWiser/Web-Environment-Integrity/...

3. snvzz+r3[view] [source] 2023-07-26 19:37:01
>>toyg+(OP)
It is more severe than that. The design favors a whitelist approach: Only browsers that can get the attestation from a "trusted source" are allowed. Browsers that cannot, don't.
[go to top]