Collaborate Disseminate
I have a pretty standard web app (react client, node server), https-enabled.
I want to add the ability for the web app to access a device on the local LAN. The device has REST APIs and I can install a certificate in it to enable https.
He… Continue reading Certificate structure for accessing a local device from a web app
If I have understood Cross-Site WebSocket Hijacking (CSWSH) attack correctly [1][2][3][4], the attack relies on two things (examples are from the first reference):
the browser sending the cookies set by the victim domain (www.some-trading… Continue reading Why is the browser not sending cookies with cross-domain WebSocket handshake request?
I have created a page to attack a CSRF unprotected endpoint.
This endpoint accepts only JSON as payload, so I have used fetch with credentials: "include" properties. The page run locally using file:// protocol.
<html>
<… Continue reading "CORS Error" but Chrome sent the request anyway
It is common to say that CORS headers protect against CSRF, so that if you visit a malicious website, it cannot make a request to your web application because the referer header (the URL of the malicious website) wouldn’t be allowed by the… Continue reading Are CORS headers useless?
I understand if you are cross-communicating with origin A, then if origin A has no Access-Control-Allow-Credentials in the response, you will never be able to reuse Cookies obtained from origin A response.
But what if you got a cookie in t… Continue reading Does CORS Access-Control-Allow-Credentials apply to non-origin/third-party cookies or as well?
I have a scenario where my Nextjs frontend application is running in the cloud with a domain & SSL and I have a nodejs backend.
When I make an API call to the backend nodejs server, I get a CORS error stating a "https to http comm… Continue reading https to http communication error while frontend call to backend
Section 3.2.3 of the Fetch standard provides some guidance about how servers can/should handle preflight requests.
A successful HTTP response, i.e., one where the server developer intends to share it, to a CORS request can use any status,… Continue reading Are timing-based side-channel attacks against the server during CORS preflight a legitimate concern?
Current projects webs application utilises a cookie based approach to store users auth token. Implemented with secure and http-only attributes set. All traffic over https. The application loads third party javascript from a range of extern… Continue reading Storing auth token in html
Without giving too many details away, let’s say that I’m auditing an API that:
Has access-control-allow-credentials: true
Has access-control-allow-origin: *
Needs JWT set in Authorization header for request to all endpoints
With this sce… Continue reading Is it possible to steal a cookie without HttpOnly via CSRF?
Looking for a way to configure chrome – either by a setting, a plugin, or a Tampermonkey script that restricts websites from loading resources/scripts from other domains.
As a user who navigates to a given domain I want to only deal with r… Continue reading Is there a way to configure chrome to apply a global same origin policy? [migrated]