← Back to context

Comment by halapro

3 hours ago

If this is true, it's insane that this would work:

- why does CWS respond to cross-site requests?

- why is chrome sending the credentials (or equivalent) in these requests?

- why is the button enabled server-side and not via JS? Google must be confident in knowing the exact and latest state of your installed extensions enough to store it on their servers, I guess

5 comments

halapro

Reply
cxr  2 hours ago

It's not true. The person you're responding to has a habit of posting implausible-but-plausibly-plausible nonsense, and it's not how this works at all.

  • lapcat  2 hours ago

    I made the mistake of trying to skim the code hastily before I had to leave to run an errand, and yes it turns out I was wrong, but please refrain from the personal comments, and no, I don't have any such "habit."

    • cxr  1 hour ago

      Wrong again. (PS: The fact that you have now replied—which automatically disables comment deletion—is the only thing that prevented my removing it just now. So great job.)

      2 replies →