web-based git clients would be great but CORS keeps getting in the way for some reason? idk how that thing works I just know I can’t get git to work even with no-cors so that’s a problem.
web-based git clients would be useful for:
- running from master
- letting the user browse git repos without putting everything through a proxy and wasting server-side bandwidth.
- among other things
besides we can already do password mining with no-cors thanks to timing side-channels you can just load a bunch of browsers up with malicious JS and let them mine passwords through the completely unsafe form upload API that can be infinitely automated??? who thought this was a good idea. HTML form submission can’t be trivially automated like this because it actually navigates away from the page.