Logbot | #sandstorm | kentonv> in web-session.capnp we added a header whitelist thing where you could specify arbitrary header names but they'd be filtered to a whitelist... but it immediately introduced a security problem. In retrospect I think we probably shouldn't have added it.

in web-session.capnp we added a header whitelist thing where you could specify arbitrary header names but they'd be filtered to a whitelist... but it immediately introduced a security problem. In retrospect I think we probably shouldn't have added it.

kentonv 06:14:19