Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Disable web-security (fixes headless with PhantomJS 2.1.1)
PhantomJS 2.1.1 is now properly respecting cross-origin strictness with web-security set to true (the default). To maintain support for the way the bot is architected, we have to tell PhantomJS it's okay to do cross-origin stuff. We trust chat.SE/SO and the bot script, right? :) NB: PhantomJS 2.0 *erroneously* allowed our cross-origin stuff to run just fine with web-security enabled. This was actually a security vulnerability of sorts in PhantomJS. So we're just regressing our "security level" to where we used to be, not actually making it any worse.
- Loading branch information