Questions tagged [crossdomain]

55 questions
81 votes, 6 answers

How does CORS prevent XSS?

I recently learned about CORS and got the impression that its purpose is to prevent XSS. With CORS, the browser blocks requests to different domains, unless particular headers are in place. But if a person with malicious intent injects some…
Gigi
60 votes, 6 answers

Is CORS helping in any way against Cross-Site Forgery?

I've been reading in the last couple of days about CORS, and in a lot of places it's mentioned as if it were a "security" feature to protect the world from cross-domain forgery. I still don't see the benefit and the reasoning for CORS. Ok, browsers will do…
Dan Dinu
53 votes, 6 answers

Does injecting querystring values directly into HTML pose a security risk?

Someone reported a bug on my site that I don't really consider an issue. My site has a URL akin to this: www.site.com/ajax/ads.asp?callback=[text injection] So the file type is application/json, and I don't see how that can affect the security of the site. His…
Daniel
23 votes, 2 answers

Can a website make an HTTP request to "localhost"? How does it get around the cross-domain policy?

I found this website which talks about fixing a Redis vulnerability by exploiting that same vulnerability. The website in question has a "patch me" button, and if you have a password-less Redis server running on your machine, it will patch it. In…
Daniel Magliola
15 votes, 2 answers

How does medium.com know my Google account?

I went to an article on medium.com earlier today, and instead of the annoying full-screen popup they usually show to returning visitors, I saw this in the upper right corner: Right there on the Medium page they have my name and Google…
Alice Ryhl
12 votes, 2 answers

How to implement cross-domain, auto-login SSO without browser redirects for users who are not logged in?

I need to implement an SSO solution with the following requirements: Cross-domain: Let's assume I have a.com, b.com and sso.com. If I log in through a.com, I shouldn't need to log in when I visit b.com. Centralized: A user who is not logged in clicking…
Jan Żankowski
9 votes, 1 answer

How to implement CSRF protection with a cross origin request (CORS)

tl;dr the cookie-to-header-token method can't work, because the CSRF token cookie is not readable by the client in any way. Is sending the token in a header, and having the client save it in a cookie immediately, considered a valid alternative? I…
Eran Medan
9 votes, 2 answers

How did the Facebook Originull vulnerability of Access-Control-Allow-Origin: null allow cross-origin access?

Recently, a vulnerability in Facebook's Messenger app, which allowed attackers to access a user's private messages via cross-origin AJAX, was patched and disclosed: "Simple Bug allows Hackers to Read all your Private Facebook Messenger Chats". The root of…
Alexander O'Mara
9 votes, 1 answer

Security about window.opener and iframes

I have 3 domains: domainA, domainB, domainC. If I set target="_blank" on domainA with a link to domainC, domainC can access a bunch of properties of domainA. That's why I use target="_blank" rel="noopener noreferrer". Otherwise, things like easier…
Xavier59
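As an added example (not the questioner's code), here is the check a reviewer would run over domainA's markup for the `window.opener` problem described above, plus the rewrite that adds `rel="noopener noreferrer"` to every `target="_blank"` link. It assumes the HTML is plain enough for a tag-level scan (no `<a>` tags inside scripts or comments); the sample markup is constructed for the example.

```javascript
// Added example, not the questioner's code: find and fix links that open a new tab
// without rel="noopener". Assumption: tag-level regex scanning is adequate for the
// markup in question; use a real HTML parser for production audits.
function parseAttrs(attrText) {
  const re = /([^\s=\/"']+)\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s"'>]+))/g;
  const attrs = {};
  let m;
  while ((m = re.exec(attrText)) !== null) {
    attrs[m[1].toLowerCase()] = m[2] ?? m[3] ?? m[4] ?? '';
  }
  return attrs;
}

const ANCHOR_TAG = /<a\b([^>]*)>/gi;

function isBlankTarget(attrs) {
  return (attrs.target || '').trim().toLowerCase() === '_blank';
}

function relTokens(attrs) {
  return new Set((attrs.rel || '').toLowerCase().split(/\s+/).filter(Boolean));
}

// Returns the hrefs of every target="_blank" link whose rel lacks "noopener".
// Such a link gives the opened page a window.opener that points back at domainA.
function findUnsafeBlankLinks(html) {
  const unsafe = [];
  for (const m of html.matchAll(ANCHOR_TAG)) {
    const attrs = parseAttrs(m[1]);
    if (isBlankTarget(attrs) && !relTokens(attrs).has('noopener')) {
      unsafe.push(attrs.href || '(no href)');
    }
  }
  return unsafe;
}

// Rewrites the markup so every target="_blank" link carries rel="noopener noreferrer"
// (noreferrer additionally suppresses the Referer header; existing rel tokens are kept).
function hardenBlankLinks(html) {
  return html.replace(ANCHOR_TAG, (tag, attrText) => {
    const attrs = parseAttrs(attrText);
    if (!isBlankTarget(attrs)) return tag;
    const tokens = relTokens(attrs);
    tokens.add('noopener');
    tokens.add('noreferrer');
    const rel = `rel="${[...tokens].join(' ')}"`;
    if (attrs.rel !== undefined) {
      return tag.replace(/(\s)rel\s*=\s*(?:"[^"]*"|'[^']*'|[^\s"'>]+)/i, '$1' + rel);
    }
    return tag.replace(/\s*\/?>$/, (end) => ` ${rel}${end.trim()}`);
  });
}

// When the tab is opened from script rather than from a link, ask for the same
// protection through the window-features string (the returned handle is null).
function openInNewTab(url) {
  return window.open(url, '_blank', 'noopener,noreferrer');
}

// Constructed sample markup for the three-domain setup in the question.
const SAMPLE_HTML = [
  '<a href="https://domainC.example/page" target="_blank">unsafe</a>',
  '<a href="https://domainC.example/other" target="_blank" rel="noopener noreferrer">already safe</a>',
  '<a href="/local" target="_self">same tab</a>',
  "<a href='https://domainC.example/third' target='_blank' rel='nofollow'>unsafe too</a>",
].join('\n');
```

One caveat before filing every hit as a finding: current Chrome, Firefox and Safari already treat `target="_blank"` as implying `noopener`, so the rewrite matters for older browsers and for the `noreferrer` half, which those defaults do not add.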
6 votes, 1 answer

Why was the Same-origin policy originally introduced (before XMLHttpRequest)?

As I understand it, the Same-origin policy (SOP) basically prevents a script in a web page from obtaining or sending information from/to a different domain. I understand that this is important to prevent a page from grabbing private data and passing…
sleske
6 votes, 2 answers

Why are cookies sent with an HTML page's cross-domain requests but not with JS's XHR?

When we write an HTML page with a form tag, an action attribute and a submit button, as soon as we click on submit a request is sent (with cookies) to the URL that was the value of the action attribute. But if we send a cross-domain request to the same…
Nix
6 votes, 2 answers

Cross domain iframe security

How exploitable is a site listening to browser messages from anyone? I am working on a site where I have found some iframe issues. The case is that site A has an iframe of site B, and site A listens to 'messages' from anywhere and then it can…
sboutzen
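A listener that acts on `message` events "from anywhere" is exploitable by any page that can obtain a reference to the window (an opener, another frame, or simply the site framed inside a hostile page). As an added example that is not the site's own code, the receiving side site A should look like this: an exact origin check first, then validation of the message shape, with replies addressed to a specific origin. It assumes the framed site B lives at https://b.example and uses a hypothetical `{type, ...}` message format.

```javascript
// Added example, not the questioner's site code. Assumptions: site B is at
// https://b.example and the message vocabulary (resize/navigate) is hypothetical.
const TRUSTED_ORIGIN = 'https://b.example';

// Validate one MessageEvent-like object ({origin, data, source}) and return the
// command to execute, or null when the message must be ignored.
function acceptMessage(event, trustedOrigin = TRUSTED_ORIGIN) {
  // 1. Exact origin match. A prefix or substring check is a classic mistake:
  //    "https://b.example.evil.net" starts with "https://b.example".
  if (event.origin !== trustedOrigin) return null;

  // 2. Validate the shape too: the trusted origin may itself be compromised
  //    (XSS on site B), and event.data is attacker-shaped input either way.
  const d = event.data;
  if (typeof d !== 'object' || d === null) return null;

  switch (d.type) {
    case 'resize':
      return Number.isInteger(d.height) && d.height > 0 && d.height <= 5000
        ? { type: 'resize', height: d.height }
        : null;
    case 'navigate':
      // Only root-relative paths on site A itself: no absolute URLs, no
      // protocol-relative "//evil.example" (or "/\evil.example"), no "javascript:".
      return typeof d.path === 'string' && /^\/(?!\/)[A-Za-z0-9\-._~\/?=&]*$/.test(d.path)
        ? { type: 'navigate', path: d.path }
        : null;
    default:
      return null; // unknown message types are dropped, never passed through
  }
}

// Browser wiring for site A. Replies go to event.origin, never to "*", so they
// cannot be read by a different origin that later occupies the same window.
function installListener(win, applyCommand) {
  win.addEventListener('message', (event) => {
    const cmd = acceptMessage(event);
    if (!cmd) return;
    applyCommand(cmd);
    if (event.source) {
      event.source.postMessage({ type: 'ack', of: cmd.type }, event.origin);
    }
  });
}

// The sending side (site B, inside the iframe): name the parent's origin
// explicitly so the message is simply not delivered if someone else framed B.
function sendToParent(win, message, parentOrigin) {
  win.parent.postMessage(message, parentOrigin);
}
```

In the browser this is `installListener(window, cmd => { /* resize the iframe, navigate, ... */ })` on site A and `sendToParent(window, { type: 'resize', height: 400 }, 'https://a.example')` on site B. How exploitable the unchecked version is depends entirely on what the handler does with the data; the `navigate` case shows why even a trusted sender's payload needs validation.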
5 votes, 3 answers

External cross domain include script

One of my web applications underwent a vulnerability assessment recently, and one of the findings is about cross-domain script inclusion. Our web app uses addthis_widget.js from AddThis to bookmark Facebook/Twitter etc. It was recommended that we copy…
5 votes, 1 answer

Chrome extension: Cross origin request

Can Chrome extensions make cross-origin requests by injecting JavaScript into the main page? If so, isn't it a security vulnerability? Google Chrome Content Scripts Cross Origin Requests
Umar Iqbal
5 votes, 1 answer

How to check for cross-domain referrer leakage?

I am learning pen testing on web applications. I found the vulnerability cross-domain referrer leakage very interesting. Can anybody please tell me how to check for this vulnerability on any web application?
Webster
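Checking for referrer leakage comes down to three things: which Referrer-Policy the page declares (response header, `<meta name="referrer">`, or `referrerpolicy` attributes), which of its URLs carry secrets in the path or query (reset tokens, session ids), and which of its resources or links are cross-origin. The following is an added example, not from the question or any answer: it computes the Referer value a browser would send under each policy and flags the ones that would hand sensitive query parameters to another origin. The URLs and parameter names are constructed for the example.

```javascript
// Added example, not from the question or its answer. Computes the Referer a
// browser sends under a given Referrer-Policy and flags leaked query parameters.
const KNOWN_POLICIES = new Set([
  'no-referrer', 'no-referrer-when-downgrade', 'origin', 'origin-when-cross-origin',
  'same-origin', 'strict-origin', 'strict-origin-when-cross-origin', 'unsafe-url',
]);
// Browsers fall back to this for a missing or unrecognised policy token.
const DEFAULT_POLICY = 'strict-origin-when-cross-origin';

// Returns the Referer value (string) or null when none would be sent.
function referrerFor(policy, sourceUrl, destUrl) {
  const src = new URL(sourceUrl);
  const dst = new URL(destUrl);
  // Fragment and userinfo are never part of a Referer.
  const stripped = new URL(src.href);
  stripped.hash = '';
  stripped.username = '';
  stripped.password = '';
  const full = stripped.href;
  const originOnly = src.origin + '/';
  const sameOrigin = src.origin === dst.origin;
  const downgrade = src.protocol === 'https:' && dst.protocol === 'http:';
  const p = KNOWN_POLICIES.has(policy) ? policy : DEFAULT_POLICY;
  switch (p) {
    case 'no-referrer': return null;
    case 'unsafe-url': return full;                       // path and query leak everywhere
    case 'origin': return originOnly;
    case 'same-origin': return sameOrigin ? full : null;
    case 'strict-origin': return downgrade ? null : originOnly;
    case 'origin-when-cross-origin': return sameOrigin ? full : originOnly;
    case 'no-referrer-when-downgrade': return downgrade ? null : full; // the old default
    default:                                              // strict-origin-when-cross-origin
      if (sameOrigin) return full;
      return downgrade ? null : originOnly;
  }
}

// Names from `sensitiveParams` that appear in the query string of a Referer value.
function leakedParams(referrer, sensitiveParams) {
  if (!referrer) return [];
  const q = new URL(referrer).searchParams;
  return sensitiveParams.filter((name) => q.has(name));
}

// One check per third-party resource or outbound link on a page: what the Referer
// would be under the declared policy and which sensitive parameters ride along.
function auditReferrerLeak(pageUrl, thirdPartyUrl, declaredPolicy, sensitiveParams) {
  const referrer = referrerFor(declaredPolicy, pageUrl, thirdPartyUrl);
  return {
    referrer,
    leaks: leakedParams(referrer, sensitiveParams),
    crossOrigin: new URL(pageUrl).origin !== new URL(thirdPartyUrl).origin,
  };
}

// Constructed sample: a password-reset page that embeds a third-party image.
const SAMPLE_PAGE = 'https://app.example/reset?token=abc123#step2';
const SAMPLE_THIRD_PARTY = 'https://cdn.thirdparty.example/logo.png';
const SENSITIVE = ['token', 'session'];
```

In practice the manual version of this check is: load the page with devtools open, filter the network panel to cross-origin requests, and read the Referer request header on each; anything showing the full URL of a page whose URL contains a secret is the finding, and the fix is a stricter policy or moving the secret out of the URL.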