alt Hacker NewsHmm… by setting the verified=1 cookie on every request to the website?
Am I missing something here? All this does is set an unencrypted cookie and reload the page right?
Hmm… by setting the verified=1 cookie on every request to the website?
Am I missing something here? All this does is set an unencrypted cookie and reload the page right?
They could, but if this is slightly different from site to site, they’ll have to either do this for every site (annoying but possible if your site is important enough), or go ahead and run JS (which... I thought they do already, with plenty of sites still being SPAs?)