| 05:21 | <annevk> | domfarolino: we don’t want to check the initial A, right? |
| 13:17 | <domfarolino> | annevk: right, but you’re saying we would? because at that time the algorithm was comparing location URL’s origin and request’s origin? |
| 13:40 | <domfarolino> | Hm I guess another issue is that it checks location URL before it is set |
| 19:16 | <annevk> | domfarolino: I’m not sure I understand what you’re getting at |
| 19:37 | <domfarolino> | annevk: Yeah sorry. Just trying to see why using the tainted origin flag is insufficient in the check you reviewed above. |