-
Yet another A.I. security review context issue: server-side request forgeries are server-side. They occur on the server. They do not happen in img src attributes on the browser.
Also in code reviewing news, sometimes you see comments from human reviewers on the client's team. Generally, they're what you expect. This one startup has a really shitty culture, though, and there's so many comments like "WTF" followed by three words of dubious substance. It's gotta suck to work there.