Ah, yes. An attacker could fetch the resource themselves, discover the ETag and ... | Hacker News

Hacker News new | past | comments | ask | show | jobs | submit

login

jbert on Nov 28, 2008 | parent | context | favorite | on: "Mixed content warning", how I loathe thee

Ah, yes. An attacker could fetch the resource themselves, discover the ETag and serve their malicious resource with the real ETag. Sorry.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact