When using cross-origin URLs for images with the canvas API, if the image is cross-origin I am getting a tainted canvas exception. MDN Allowing cross-origin use of images and canvas. Changing crossOrigin="anonymous" fixes the issue; however, is it okay to always do that? Or should I check the url …
Tag: cross-domain
HttpOnly Cookies not found in Web Inspector
I am working on user authentication for a website built using the MERN stack and I have decided to use JWT tokens stored as HttpOnly cookies. The cookie was sent in a “Set-Cookie” field in response header when I used Postman to make the request but not in the Safari Web Inspector as shown in the i…
iframe not reading cookies in Chrome
Chrome is not allowing a child iframe to read its own cookies. I have a parent webpage with a child iframe: parent at https://first-site.com child at <iframe src="https://second-site.com"> (inside of parent) cookie set with path: '/' secure: true httpOnly: false domain: '.s…
Use window.open but block use of window.opener
A while back I ran across an interesting security hole Looks innocuous enough, but there’s a hole because, by default, the page that’s being opened is allowing the opened page to call back into it via window.opener. There are some restrictions, being cross-domain, but there’s still some misc…
Fetching metadata from url
I have used the Jsoup library to fetch the metadata from a URL. But I want to do it on the client side using JavaScript. Answer: You can't do it client-only because of the cross-origin issue. You need a server-side script to get the content of the page. OR you can use YQL. In this way, the YQL will be used as
Internet Advertisers and Third-Party Cookies – clarification?
I've read this question about how third-party cookies are set, which is a subject I already know: it can be done via three ways: Script (application/javascript) MIME type (which is generated at server side) which can also set a cookie (along with the script response). img link <IMG href="http…
Cross-domain connection in Socket.IO
Is it possible to use Socket.IO in a cross domain manner? If so, how? The possibility is mentioned around the web but no code examples are given anywhere. Answer Quoting the socket.io FAQ: Does Socket.IO support cross-domain connections? Absolutely, on every browser! As to how it does it: Native WebSockets ar…