Devdatta Akhawe

So, I don't fully understand the Safari setup, but I believe once the Storage access API is requested, the app will still need CSRF protections within the frame, right? I.e.,...

Yeah.. I am talking about how the page can protect itself after user interaction and authorization for 3rd party cookie use. Unfortunately, the origin header isn't reliable for csrf protections....

yup .. iframe gets storage access and now wants to hit CSRF protected endpoints. I can't use samesite cookies; I have to do some of the other options (e.g., csrf...

Looking at the error, it seems to be an encoding issue. To confirm again, this is the test file that came with the repo? What does "file test" say? What...

I just pushed a commit that I believe should fix your bug. Can you try it (on both OSX and Debian) ?

Isn't href just hyperlink (e.g., it can refer to other areas of the document) and you still need a \url so that it breaks at the right places?

whoops, you are right. I will try to fix it sometime; patches welcome though :)

The script is a bunch of regexes really. As long as you know regexes, it should be easy. https://github.com/devd/Academic-Writing-Check/blob/master/checkwriting#L302 is the check you need to modify. `$regex` is just a...

I vote for closing it. I imagine there are other issues that we do need to discuss but we can file a new issue that is specific as needed.

hmm .. is this a bug in SRI or in the signatures + SRI part? If you are only talking about hashes and strongest, SRIv1 IIRC intentionally doesn't go into...