Hacker News
new
|
past
|
comments
|
ask
|
show
|
jobs
|
submit
login
IshKebab
69 days ago
|
parent
|
context
|
favorite
| on:
A proposal to restrict sites from accessing a user...
I think this can be circumvented by DNS rebinding, though your requests won't have the authentication cookies for the target, so you would still need some kind of exploit (or a completely unprotected target).
MBCook
69 days ago
[–]
How? The browser would still have to resolve it to a final IP right?
IshKebab
68 days ago
|
parent
[–]
I'm not sure what you mean but this explains it:
https://github.blog/security/application-security/localhost-...
Guidelines
|
FAQ
|
Lists
|
API
|
Security
|
Legal
|
Apply to YC
|
Contact
Search:
