Questions tagged [cross-site]

Cross-site means the interaction crosses separate domains of authority.

0 votes
0 answers
26 views

How to stop google analytics from setting _ga cross-site cookie when using resources from site A on Site B

I have a website (A) example.com on which I've placed google analytics tag. I have a second website (B) property.com on which I am loading resources from subdomain.example.com. When I visit site A (...
nunsy grey
1 vote
0 answers
46 views

Issues when using dompurify.sanitize method on Veracode report for Cross-Site Scripting (XSS) vulnerability

I am facing Cross-Site Scripting (XSS) issues in the Veracode report. I was using dompurify.sanitize() method and also allowed its attributes. Earlier when I was using this method on my code it was fixed ...
Avinash Keshri
2 votes
1 answer
408 views

How to handle upcoming third-party cookie block in Electron app?

I manage an Electron application where authorization is provided by a JWT cookie set from my server and have recently noticed the Reading cookie in cross-site context will be blocked in future Chrome ...
Adam Marsh • 1,116
0 votes
0 answers
39 views

What determines how the frame-ancestors value is set in the Content-Security-Policy?

I'm trying to frame content from a 3rd-party provider in an iframe on my Wordpress site. I'm emulating something that's set up on an affiliated site. When loading and attempting to download the iframe ...
NeartCarp
0 votes
0 answers
30 views

How can I make a cross-site POST request with redirecting?

I am building a site with a list of words for learning a language. I also have another site on a sub-domain for flashcards. I want users to be able to choose words from the list, then press a button ...
Lee Morgan
0 votes
0 answers
60 views

OWASP CSRFGuard JavaScript was included from within an unauthorized domain

We use Owasp.CsrfGuard.js in a webapp project and got the error "OWASP CSRFGuard JavaScript was included from within an unauthorized domain!" One of the reasons I have identified is that the webapp is accessed ...
Manoj Sangwan
0 votes
1 answer
358 views

Angular app fails to set a cookie via ASP.NET Web API

I'm trying to write an angular app with an ASP.NET Core Web API and a Cosmos DB. Because of sensible data I need to deal with authentication and authorization. I'm using the Microsoft.AspNetCore....
jerez69
0 votes
0 answers
90 views

Is this POC a real XSS vulnerability?

I am testing some vulnerabilities and I have some doubts. for example: 1 - $("#ID").html("<script>alert('XSS')</script>"); if in element id I use the id of the form ...
jhnhnh • 1
0 votes
1 answer
32 views

Accessing session information from another tab and site

I have inherited maintenance of a PHP website that is mysite.com and an ASP.NET website that is shop.mysite.com. The client wants a single sign-on for both sites. The solution I am pursuing is to ...
Chris Davis
0 votes
1 answer
721 views

SpringBoot - How I can configure samesite none Csrf Cookie (Spring Security 6.2)

What I have: I have a Spring Boot API and an Angular app in different domains (not subdomains), and changing it is not an option. I only grant access by CORS to my Angular app domain. What I need: I need ...
David Burgos
0 votes
0 answers
22 views

Will cookies be sent in cross-site context if sent between domain and subdomain?

If I have a server running on api.mydomain.com and the client running on mydomain.com and I'm using session cookies stored on the server for authorization, will the browser flag the cookie as cross-...
Bruno Oliveira
0 votes
0 answers
27 views

Preventing cross-site scripting in ASP.NET MVC pages

During a security test the following was flagged as a problem. Reflected Cross-Site Scripting in the "gridName" Parameter - Grid - Cross site scripting ../grid/index?pageName=griddetail&...
Brian Kalski
0 votes
1 answer
128 views

How can I mitigate an inputHidden XSS vulnerability on JSF according to Fortify SAST?

Here, things are clear about what Fortify is finding as a vulnerability because it reports that an inputHidden could be vulnerable to XSS. I read another post about JSF mitigating this, and they said ...
emgi • 1
0 votes
2 answers
103 views

Ajax call from aspx to code behind causes 500 error - Referrer Policy: strict-origin-when-cross-origin in .net

I would like to set a session variable in code behind, so after receiving an ajax call result, based on the result of that, set a session variable. This application is old webform and is not MVC. Here is ...
user464291
0 votes
0 answers
564 views

I need to inject the code with eval() function to complete my task, do I need to make changes in the eval() function?

I need to complete this task, please see the below comments, You are calling the hack() function in your text files which is a good start. The goal of the task inject the hack() function into the ...
SAI CHARAN KATKAM
