(vivaldi.com)

756 points dagurp | 1 comments | 26 Jul 23 11:30 UTC | HN request time: 0s | source

Show context

bloopernova ◴[26 Jul 23 18:25 UTC] No.36882508[source]▶

>>36875940 (OP) #

Would this end up breaking curl, or any other tool that accesses https?

replies(3): >>36882597 #>>36883468 #>>36885184 #

fooyc ◴[26 Jul 23 18:30 UTC] No.36882597[source]▶

>>36882508 #

Yes it will

replies(1): >>36883267 #

pdanpdan ◴[26 Jul 23 19:11 UTC] No.36883267[source]▶

>>36882597 #

How?

replies(1): >>36883425 #

toyg ◴[26 Jul 23 19:21 UTC] No.36883425[source]▶

>>36883267 #

The whole point of WEI is that the site can choose to block any combination of browser and OS they see fit, in a reliable way (currently, browsers can freely lie). CURL and friends will almost immediately be branded as bots and banned - that's the stated objective.

replies(2): >>36883609 #>>36883638 #

1. snvzz ◴[26 Jul 23 19:37 UTC] No.36883638[source]▶

>>36883425 #

It is more severe than that. The design favors a whitelist approach: Only browsers that can get the attestation from a "trusted source" are allowed. Browsers that cannot, don't.

↑

Unpacking Google’s Web Environment Integrity specification