ZB talks about yet another really interesting supply chain ecosystem security concern
Spoiler alert: as always, this results in another wonderful LavaMoat security tool so you can protect yourself against this one too 🫡
Yoav was the one who helped me navigate attempting to introduce new stuff into our web, it's worth reading his summary of the process
"iframes can either share the origin of their embedder or not. While XO iframes are useful and well-used across the web, what are SO iframes used for? Aside for malicious ways to use such iframes, are there any legitimate use cases for them?"
weizmangal.com/2024/12/04/s...
Guided by @yoav.ws and other great folks on the same origin concern, I had to get my hands dirty with all sorts of web-related things such as Chromium source code, SOP implementation, same vs cross origin iframes usage across the web and more
Decided to turn it into a post👇
Tell it it’s wrong, always works for me
