Happy birthday to Let’s Encrypt!

Huge thanks to everyone involved in making HTTPS available to everyone for free!

  • pcouy@lemmy.pierre-couy.fr (OP)

    Having a certificate for any subdomain has implications for other sibling domains, even without a wildcard certificate.

    By default, web browsers are a lot less strict about Same Origin Policy for sibling domains, which enables a lot of web-based attacks (like CSRF and cookie stealing) if you're able to hijack any subdomain.
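
The cookie side of the sibling-domain exposure described in the comment above, as an added example that is not part of the original thread: a small audit that reports which `Set-Cookie` headers from one host are also sent to a sibling subdomain, and which could be shadowed by one. The host names, cookie values and function names are constructed for illustration, and `example.test` is assumed not to be on the Public Suffix List.

```javascript
// Added example: audit Set-Cookie headers for exposure to sibling subdomains.
// Host names and cookie values are constructed; example.test is assumed
// not to be on the Public Suffix List.

// RFC 6265 section 5.1.3 domain-match (IP-address hosts are not handled).
function domainMatches(host, cookieDomain) {
  const h = host.toLowerCase();
  const d = cookieDomain.toLowerCase().replace(/^\./, "");
  return h === d || h.endsWith("." + d);
}

// Parse one Set-Cookie value into its name and lower-cased attribute keys.
function parseSetCookie(header) {
  const [pair, ...attrs] = header.split(";").map((s) => s.trim());
  const attributes = {};
  for (const a of attrs) {
    const i = a.indexOf("=");
    attributes[(i === -1 ? a : a.slice(0, i)).toLowerCase()] = i === -1 ? true : a.slice(i + 1);
  }
  return { name: pair.split("=")[0], attributes };
}

// For a cookie set by originHost: does siblingHost receive it, and could
// siblingHost set a same-named cookie that originHost would receive?
function auditCookie(originHost, siblingHost, header) {
  const { name, attributes } = parseSetCookie(header);
  const domain = typeof attributes.domain === "string" ? attributes.domain : null;
  // Browsers reject a Domain attribute that does not cover the setting host.
  const rejected = domain !== null && !domainMatches(originHost, domain);
  // Without a Domain attribute the cookie is host-only.
  const sentToSibling = !rejected && domain !== null && domainMatches(siblingHost, domain);
  // __Host- cookies must be Secure, have Path=/ and no Domain attribute, so
  // a sibling cannot set one that another host receives.
  const hostPrefixed = name.startsWith("__Host-") && attributes.secure === true &&
    attributes.path === "/" && domain === null;
  return { name, rejected, sentToSibling, siblingCanShadow: !hostPrefixed };
}

const SAMPLE_HEADERS = [ // constructed
  "session=abc123; Domain=example.test; Path=/; Secure; HttpOnly",
  "prefs=dark; Path=/",
  "__Host-session=abc123; Path=/; Secure; HttpOnly",
];
function auditSample() {
  return SAMPLE_HEADERS.map((h) => auditCookie("app.example.test", "blog.example.test", h));
}
console.log(auditSample());
```

Of the three sample cookies, only the `__Host-` one is neither sent to the sibling host nor replaceable from it.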