
Yahoo Mail flaw gets fixed, and a researcher nets $10K - _jomo
http://www.cnet.com/news/yahoo-mail-flaw-gets-fixed-and-a-researcher-nets-10k/
======
_jomo
Most, if not all, of this could have been prevented by proper CSP headers [0].

Tip: Firefox gives you a really nice overview and tips on CSP if you enter
'security csp' in the Dev Toolbar (Shift F2) [1]. GitHub is a great example.

0: [https://en.wikipedia.org/wiki/Content_Security_Policy](https://en.wikipedia.org/wiki/Content_Security_Policy)

1: [https://i.imgur.com/dbRjenA.png](https://i.imgur.com/dbRjenA.png)
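To make the "proper CSP headers" point concrete, here is an added example (not part of the comment, and not Yahoo's code): a small Python linter that parses a Content-Security-Policy value and reports the script-related weaknesses that would let injected markup run, applied to a constructed weak policy and a constructed strict one.

```python
# Minimal CSP linter for the script-execution directives (added example, not
# from the comment or from Yahoo; the sample policies below are constructed).
from typing import Dict, List, Optional

HASH_OR_NONCE = ("'nonce-", "'sha256-", "'sha384-", "'sha512-")
BROAD_SOURCES = ("*", "http:", "https:", "data:")


def parse_csp(header: str) -> Dict[str, List[str]]:
    """Split a CSP header value into {directive: [lowercased source expressions]}."""
    policy: Dict[str, List[str]] = {}
    for part in header.split(";"):
        tokens = part.split()
        if tokens:
            policy[tokens[0].lower()] = [t.lower() for t in tokens[1:]]
    return policy


def lint_csp(header: str) -> List[str]:
    """Return findings that would let injected script run; [] means none found."""
    policy = parse_csp(header)
    # script-src falls back to default-src; with neither, any source is allowed.
    sources: Optional[List[str]] = policy.get("script-src", policy.get("default-src"))
    if sources is None:
        return ["no script-src or default-src: scripts may load from anywhere"]
    findings: List[str] = []
    # A nonce or hash makes CSP Level 2+ browsers ignore 'unsafe-inline', so flag
    # it only when nothing overrides it.
    if "'unsafe-inline'" in sources and not any(s.startswith(HASH_OR_NONCE) for s in sources):
        findings.append("'unsafe-inline' lets injected <script> blocks and event handlers run")
    if "'unsafe-eval'" in sources:
        findings.append("'unsafe-eval' lets injected strings reach eval()/Function()")
    for src in sources:
        if src in BROAD_SOURCES:
            findings.append(f"broad script source {src}: attacker-hosted scripts are allowed")
    if "object-src" not in policy and "default-src" not in policy:
        findings.append("object-src unrestricted: plugin content can execute script")
    return findings


# Constructed sample policies (assumed, not real headers).
WEAK_CSP = "default-src 'self'; script-src 'self' 'unsafe-inline' https:; img-src *"
STRICT_CSP = ("default-src 'none'; script-src 'self' 'nonce-r4nd0m'; style-src 'self'; "
              "img-src 'self'; object-src 'none'; base-uri 'self'")

if __name__ == "__main__":
    for name, csp in (("weak", WEAK_CSP), ("strict", STRICT_CSP)):
        print(name, lint_csp(csp) or ["no findings"])
```

The nonce check mirrors how a strict policy is usually deployed: a per-response nonce on legitimate scripts, so injected markup without it is refused even where 'unsafe-inline' is kept for older browsers.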

