Posted: Apr 18, 2017 2:14 pm
by VazScep
Oh FFS.

I'd hoped that the HTTPs-everywhere plugin would have caught this, but no, I was vulnerable.