Is POST-based XSSI possible?
With standard XSSI, an attacker can include a remote script which contains user-bound secrets across origins, and then read them out.
I have an endpoint which returns sensitive JavaScript code, but the request to fetch it is POST-based (th…