Collaborate Disseminate
When using postMessage it’s important to define a targetOrigin to ensure we don’t leak data to other sites.
It’s equally important to check the origin when receiving a message to prevent other sites from triggering our scripts.
But, if we’… Continue reading Is it secure to use window.origin with postMessage?
Very simply we have a ton of websites at our company behind SSO.
I am having a hard time figuring out what security issues there are if we open cross-site sharing between these sites but wanted to get a broader view. This is really a res… Continue reading Are there security issues around controlled cross site sharing behind SSO?
CORS is a HTTP Suite header that “relax” the SOP. One of the CORS misconfigurations is about to reflect without reg exp the “Origin” client header into “ACAO” response header. If it happens with “ACAC:true” every cross-domain HTTP request … Continue reading Cross-Domain Request is a CSRF Attack? (CORS)
I have a microservice app. hub.example.com handles authentication. When a users logs in, I need to set a cookie on learn.example.com What is a secure way to set this? I’m aware of a few approaches:
hub sets the cookie on example.com This… Continue reading How to securely set a cookie on another subdomain?
I found that a subdomain of a site leaks all cookies of the site due to improper error handling. Now, I found that this site does not have X-Frame Options Header in it. So, I put this subdomain in the iframe tag and it starts working. Howe… Continue reading Is there any way to access the contents of a cross domain iframe
I found that a subdomain of a site leaks all cookies of the site due to improper error handling. Now, I found that this site does not have X-Frame Options Header in it. So, I put this subdomain in the iframe tag and it starts working. Howe… Continue reading Is there any way to access the contents of a cross domain iframe
As I understand it, the Same-origin policy (SOP) basically prevents a script in a web page from obtaining or sending information from/to a different domain.
I understand that this is important to prevent a page from grabbing private data … Continue reading Why was the Same-origin policy originally introduced (before XMLHttpRequest)?
Today I accidentally miss-typed a popular’s website domain, which led me to a malicious website. I realized immediately but before I had time to close the tab, I was surprised to be presented with the web app that I am runnin… Continue reading How did a malicious website managed to serve me the app that is running on my local apache server?
When we write a HTML page with form tag and an action attribute and a submit button. As soon as we click on submit a request is sent (with cookies) to the URL which was the value of action attribute.
But if we send cross domain request t… Continue reading Why are cookies sent with HTML page’s cross domain requests but not with JS’s XHR?
victim.com – URL of the misconfigured application.
https://victim.com has an overly permissive crossdomain.xml at https://victim.com/crossdomain.xml.
<?xml version=”1.0″?>
<!DOCTYPE cross-domain-policy
SYS… Continue reading Inconsistent behavior while attempting to exploit a misconfigured flash crossdomain.xml