Hacker News
new
|
past
|
comments
|
ask
|
show
|
jobs
|
submit
login
RandomDistort
11 months ago
|
parent
|
context
|
favorite
| on:
Why do we have both CSRF protection and CORS?
Is there some document somewhere that lists all the potential ways of doing stuff like this?
Herrera
11 months ago
[–]
Yeah,
https://xsleaks.dev
tracks most of the known ways to leak cross-origin data.
smagin
11 months ago
|
parent
[–]
oh hell yes. And oh yes iframes and postmessages, of course people would setup them incorrectly and even if they do some (probably not that important but still) data will leak if you're creative enough. Thanks for the link!
Guidelines
|
FAQ
|
Lists
|
API
|
Security
|
Legal
|
Apply to YC
|
Contact
Search:
