How would they steal HTTP-only cookies this way? | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		isbvhodnvemrwvn on Feb 23, 2021 \| parent \| context \| favorite \| on: Total Cookie Protection How would they steal HTTP-only cookies this way?

minitech on Feb 23, 2021 [–]

They wouldn’t steal the cookie, they’d just have the script send the requests as the user directly.

Consider applying for YC's Winter 2026 batch! Applications are open till Nov 10
Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact