Questions tagged [crossdomain]

1 vote
1 answer
186 views

I’d like to ask for some advice regarding controlling a newly opened browser tab using JavaScript. Here’s the situation: I have my own website hosted at my.site.com, which includes a link to a ...
Marcopolo
0 votes
1 answer
145 views

I'm working on an imageboard website that uses the TinyIB bulletin board software. When editing the settings, I found this line: define('TINYIB_UPLOADVIAURL', false); // Allow files to be uploaded via ...
Bunabyte
  • 103
3 votes
2 answers
15k views

I'm trying unsuccessfully to set a cookie in an iframe cross-domain. I've found elsewhere (https://stackoverflow.com/questions/2117248/setting-cookie-in-iframe-different-domain, https://stackoverflow....
Los Sol
  • 31
0 votes
0 answers
508 views

I am currently working as a system integrator for a banking company that asked me to provide an authentication integration on a third party website on which the company would like to redirect users, ...
Los Sol
  • 31
4 votes
1 answer
622 views

Both Cross-Origin-Embedder-Policy and Content-Security-Policy seem to do pretty similar things: they restrict the document from loading certain types of subresources (e.g. cross-origin subresources). ...
Flying Penguin
2 votes
2 answers
3k views

I am building a website with a separate JavaScript frontend and a Django backend. My backend uses CSRF protection. Now the problem is that the CSRF token is being set on the client side as a cookie on ...
atskdev
  • 23
0 votes
1 answer
1k views

COOP: cross origin opener policy. COEP: Cross origin embedder policy. Most of the articles on the web related to COOP / COEP point to the fact that by enabling COOP / COEP, your web page can use the ...
gaurav5430
1 vote
0 answers
417 views

We have a web service where GET is always safe and all unsafe POST requests use single-use CSRF tokens. We have some cases where cross-origin domain would need to pass us POST request with data that ...
Mikko Rantalainen
3 votes
1 answer
2k views

In a browser I want to use SubtleCrypto (https://developer.mozilla.org/en-US/docs/Web/API/SubtleCrypto) to create a key pair and store it locally in the IndexedDB (https://developer.mozilla.org/en-US/...
dominik
  • 31
2 votes
1 answer
2k views

When using postMessage it's important to define a targetOrigin to ensure we don't leak data to other sites. It's equally important to check the origin when receiving a message to prevent other sites ...
Jamie G
  • 121
0 votes
1 answer
347 views

Very simply, we have a ton of websites at our company behind SSO. I am having a hard time figuring out what security issues there are if we open cross-site sharing between these sites but wanted to get ...
blankip
  • 118
1 vote
2 answers
1k views

CORS is an HTTP header suite that “relaxes” the SOP. One of the CORS misconfigurations is reflecting, without a regexp, the “Origin” client header into the “ACAO” response header. If it happens with “ACAC:...
Zefiro38
7 votes
4 answers
13k views

I have a microservice app. hub.example.com handles authentication. When a user logs in, I need to set a cookie on learn.example.com. What is a secure way to set this? I'm aware of a few approaches: ...
paj28
  • 35k
3 votes
1 answer
4k views

I found that a subdomain of a site leaks all cookies of the site due to improper error handling. Now, I found that this site does not have X-Frame Options Header in it. So, I put this subdomain in the ...
Phenomenal One
6 votes
1 answer
448 views

As I understand it, the Same-origin policy (SOP) basically prevents a script in a web page from obtaining or sending information from/to a different domain. I understand that this is important to ...
sleske
  • 2,029