📕 Node [[story time]]
📄 Story-time.md by @enki

Story time!

In the late 1990s, something called ‘DHTML’ was invented. We now call it ‘AJAX’, but it’s the same thing: using JavaScript to rewrite HTML in real time. This is because the web browser is, essentially, a rich text viewer (like a copy of Microsoft Word where you can’t edit documents), but with a programming language embedded (like Word’s macro system), & people were put under pressure to make web pages act more like whole applications. But, it turned out that you could do funny things like post a comment that loaded new JavaScript from your own website that, for instance, replaced the login form with a new login form that sent passwords to you. This is called a cross-site scripting attack. So, because nobody thinks ahead, browser makers created a ‘solution’ called Same Origin Policy (SOP). SOP, in a nutshell, means “it’s impossible for code running on a website to download things from a website with a different domain name”.

This is a stupid solution for many reasons: it sometimes doesn’t actually solve the problem, and it causes a bunch of other problems.

One of the problems it causes is that when somebody’s Medium publication (or Tumblr blog, or whatever) has its own domain name, suddenly every piece of JavaScript that deals with site-wide stuff (like cookies, or accounts, or whatever) doesn’t work.

How they get around this is to actually have the login screen be available through this other domain, and make everybody log in again. It’s not a duplicate account, because magenta.as and hackernoon.com and all these other things are actually not different websites — they’re just alternate domains pointing at Medium, which Medium has been instructed to treat in special ways — but you’ll have a duplicate cookie on your computer, because basically all of our infrastructure assumes that a single domain = a single owner = a single server = a single account.
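An added example, not part of the original post: the (scheme, host, port) origin comparison a browser makes under SOP, and the RFC 6265 cookie domain matching that produces the duplicate cookie described above. The hostnames are illustrative and the cookie jar is constructed.

```javascript
// A browser origin is the (scheme, host, port) triple; default ports are
// filled in so https://medium.com and https://medium.com:443 compare equal.
function originOf(urlString) {
  const u = new URL(urlString);
  const defaults = { "https:": "443", "http:": "80" };
  const port = u.port || defaults[u.protocol] || "";
  return `${u.protocol}//${u.hostname}:${port}`;
}

function sameOrigin(a, b) {
  return originOf(a) === originOf(b);
}

// RFC 6265 domain matching: a cookie scoped to medium.com is sent to
// medium.com and its subdomains, but never to hackernoon.com, even though
// both names point at the same servers.
function domainMatches(requestHost, cookieDomain) {
  const host = requestHost.toLowerCase();
  const domain = cookieDomain.toLowerCase().replace(/^\./, "");
  return host === domain || host.endsWith("." + domain);
}

// Which jar entries a request to `url` would carry (Secure cookies only
// travel over https).
function cookiesFor(url, jar) {
  const u = new URL(url);
  return jar.filter(
    (c) => domainMatches(u.hostname, c.domain) && (!c.secure || u.protocol === "https:")
  );
}

// Constructed jar: one session cookie per domain, the duplicate the post
// describes, even though both belong to the same account.
const jar = [
  { name: "sid", domain: "medium.com", value: "constructed-1", secure: true },
  { name: "sid", domain: "hackernoon.com", value: "constructed-2", secure: true },
];

function demo() {
  return {
    crossOrigin: !sameOrigin("https://medium.com/@enki", "https://hackernoon.com/story"),
    sentToMedium: cookiesFor("https://medium.com/me", jar).map((c) => c.domain),
    sentToHackernoon: cookiesFor("https://hackernoon.com/story", jar).map((c) => c.domain),
  };
}
```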

By John Ohno on June 17, 2019.

Exported from Medium on September 18, 2020.
