Does SOP prevent a class of CSRF attacks?
Just want to settle a debate I’m having with someone.
Suppose there is no SOP. Via an XSS exploit, code can run on website A.com and submit an XHR request to B.com. Suppose B.com stores an auth token in an HTML page (maybe to interface wit…