Currently trying to sign in to AWS but it's borked so I decided to take a look around and found a buggy CSP.
They have default-src 'none' and then specify allowed hosts, values in direct contradiction with each other.
Even Chrome knows it and, fortunately for them, ignores the 'none' keyword, otherwise this page would look spectacularly awful.
Do I know anyone at @awscloud that can get this fixed up or pass it along to the right person to fix it?
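
A lint check for the misconfiguration described in the thread, as an added example that is not part of the original tweets: it flags any source-list directive where `'none'` appears alongside other sources, which is the case browsers resolve by ignoring `'none'`. The function names and the sample policies are constructed for illustration; the real header from the page is not reproduced here.

```javascript
// Added example: flag CSP directives that mix 'none' with other sources.
// Directives whose value is a source list (CSP Level 3 names).
const SOURCE_LIST_DIRECTIVES = new Set([
  "default-src", "script-src", "script-src-elem", "script-src-attr",
  "style-src", "style-src-elem", "style-src-attr", "img-src", "font-src",
  "connect-src", "media-src", "object-src", "frame-src", "child-src",
  "worker-src", "manifest-src", "base-uri", "form-action", "frame-ancestors",
]);

// Split a policy string into [name, sources[]] pairs: directives are
// separated by ';', tokens within a directive by whitespace.
function parsePolicy(policy) {
  const seen = new Set();
  const directives = [];
  for (const raw of policy.split(";")) {
    const tokens = raw.trim().split(/\s+/).filter(Boolean);
    if (tokens.length === 0) continue;
    const name = tokens[0].toLowerCase();
    if (seen.has(name)) continue; // browsers keep only the first occurrence
    seen.add(name);
    directives.push([name, tokens.slice(1)]);
  }
  return directives;
}

// Report every directive where 'none' is present but not alone. In that case
// the browser drops 'none' and enforces the remaining sources instead.
function findNoneConflicts(policy) {
  const findings = [];
  for (const [name, sources] of parsePolicy(policy)) {
    if (!SOURCE_LIST_DIRECTIVES.has(name)) continue;
    const others = sources.filter((s) => s.toLowerCase() !== "'none'");
    const hasNone = others.length !== sources.length;
    if (hasNone && others.length > 0) {
      findings.push({ directive: name, ignored: "'none'", effective: others });
    }
  }
  return findings;
}

// Constructed sample policies (not the header from the page).
const buggy = "default-src 'none' https://static.example.test 'self'; img-src 'none'";
const clean = "default-src 'none'; script-src 'self' https://static.example.test";
console.log(findNoneConflicts(buggy)); // one finding, for default-src
console.log(findNoneConflicts(clean)); // no findings
```

Running this over response headers in CI or a crawler catches the contradiction before it ships, since the policy that is actually enforced is the `effective` list rather than the deny-all the author may have intended.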
