Outrageous Strange Cross-Site Security

In making a simple authentication service, I ran into a myriad of strange, incomprehensible requirements that someone obviously thought were a good security idea, but essentially miss the mark, have all the marks of “design by committee,” and make everything else difficult. I am recording them here, because this seems like the kind of thing I am going to need to refer back to.

