Collaborate Disseminate
I understand that the SameSite directive tries to protect against cross-origin leakages and CSRFs (see OWASP), but I don’t get why (on my browser at least) it applies to the cookie’s destination rather than on the client’s origin. As a con… Continue reading Why SetCookie’s SameSite directive applies the destination rather than the origin?
I realize that OWASP recommends CSRF tokens but I rarely see them used with public standalone HTTP APIs. This would seem to indicate that they’re not always necessary.
To make this a little more concrete, I would envision the following sc… Continue reading Do best practices eliminate the need for a CSRF token when writing an API server?
I realize that OWASP recommends CSRF tokens but I rarely see them used with public standalone HTTP APIs. This would seem to indicate that they’re not always necessary.
To make this a little more concrete, I would envision the following sc… Continue reading Do best practices eliminate the need for a CSRF token when writing an API server?
While testing a website for CORS misconfiguration, I have found that access-control-allow-origin header is being set dynamically based on host header in requests.
Is it safe or can be exploited?
Origin header is not gettin… Continue reading CORS misconfiguration
I would like to get some experts’ advice regarding the way I resolved the following issue:
Let’s say my personal app is hosted as an Azure App Service on https://example.azurewebsites.net
The JS client code running withing t… Continue reading CORS issue with WebApp on Azure + AAD
I found that a website protects itself of CSRF attacks by validating the POST request contains a specific header:
-Example-header: GF
What i find strange is that this header doesn’t have a csrf token in it, it is just a cu… Continue reading Custom header to avoid CSRF attacks? header without token
To summarize:
CSRF is an attack where a page in a different window/tab of the browser
sends nonconsensual request to an authenticated web app, that can typically
be prevented from server-side by checking the Referer, Origin header of the… Continue reading Clarification of relationship between CORS and CSRF [closed]
I have made a script that can be used for exploiting CORS misconfiguration.
The script works fine but if I want to send an extra header to the request by
xhttp.setRequestHeader(“test_header”, “test_value”)
It first sends the… Continue reading Bypassing header validation
I have a question about accessing buckets on AWS S3. Let’s suppose we have a bucket that has to have public read access by everyone and only my API has to be able to PUT and DELETE items from bucket. To
restrict the access, take a look at… Continue reading Amazon S3 policies: CORS or Service Accounts?
I study web attacks. I find that it is possible to submit a form with HTML from another origin into the victim server. But if I use AJAX then I get a CORS error. Is this the expected behavior? If yes, why? The victim has not set any “Allow… Continue reading CORS error but only from AJAX and not from HTML form