Baldur Bjarnason

... works as a web developer in Hveragerði, Iceland, and writes about the web, digital publishing, and web/product development

These are his notes

“Exploiting CSP in Webkit to Break Authentication & Authorization”

In every project I’ve worked on Oauth/SSO has been nothing but hassle, largely due to the difficulty of securing the redirects. Not supporting SSO is rarely an option, tho