Highest Voted 'cross-site' Questions

7

votes

5 answers

Cross site calls without JSONP

I am having a application where frontend being built using HTML, CSS and Javascript code. Backend will be created using core java, Restlet. Now the real problem is frontend and backend both will be on diff servers with diff ports too. like,…

javascript gwt cross-site

asked Jul 25 '13 at 20:41

vbjain

547
2
7
23

6

votes

1 answer

Why can't I fetch an object URL (aka "blob URL") cross-site and cross-frame?

I'm developing an iframeable component and have now stumbled over something that looks like a security problem. I have two web sites: site A, running at http://localhost:3002 site B, running at http://localhost:3000 Site A embeds site B in an…

iframe same-origin-policy cross-site createobjecturl

asked Jul 28 '21 at 08:01

Nikolai Prokoschenko

8,465
11
58
97

6

votes

1 answer

How to work with cookies in Safari following their Prevent cross-site tracking option

I noticed that when Prevent cross-site tracking is checked in Safari, I am unable to set the secure cookies. I described this issue in great detail in this question. Then how do you set the secure cookies in Express with that setting enabled? From…

node.js express cookies safari cross-site

asked Aug 15 '20 at 15:21

Joseph K.

1,055
3
23
46

6

votes

1 answer

Confusion regarding SameSite changes with Chrome

I need some help understanding a case which I can not find described in material I have found describing the new SameSite restrictions for Chrome. Currently, I have a case where I have a site hosted which makes cross-site requests to an API. The…

google-chrome cors same-origin-policy cross-site samesite

asked Mar 20 '20 at 03:25

Goblinlord

3,290
1
20
24

6

votes

0 answers

Safari 12 and "Prevent cross-site tracking" mode

With new approach of Safari browser we have problem to autheticate users on third-site domain: a) On our webiste user log-in and create auth cookie valid for servicedomain.com b) user is using our service on his own domain client.com by inserting…

authentication cookies safari cross-site

asked Oct 17 '18 at 14:03

Tomas

61
2

6

votes

2 answers

Security in embedded iframe/javascript widget

I'm building a website that is functionally similar to Google Analytics. I'm not doing analytics, but I am trying to provide either a single line of javascript or a single line iframe that will add functionality to other websites. Specifically, the…

javascript security iframe xss cross-site

asked Aug 20 '13 at 01:40

Peter Kinnaird

95
2
6

6

votes

3 answers

Cross-site AJAX using jQuery

I have an existing jQuery plugin which makes a lot of AJAX calls (mostly JSON). I am wondering what is the quickest to allow it to do cross-site calls i.e. the $.get and $.post URL's will not be from the same domain. I have heard of JSONP, but was…

javascript jquery ajax cross-site

asked Jul 29 '09 at 02:38

Alec Smart

94,115
39
120
184

5

votes

1 answer

In an ordinary Blazor web page, is there any way to run a web view on the page?

In an ordinary Blazor WebAssembly web page, is there any way to run a web view on the page? That is, to effectively have a "inner" browser on my page within my actual Browser, whether it's WebView2 or something else? If there is no Blazor-specific…

iframe browser blazor-webassembly cross-site

asked Oct 24 '22 at 02:30

Patrick Szalapski

8,738
11
67
129

5

votes

1 answer

Sending requests to facebook as a user from a third-party app

I need to initiate searches on facebook marketplace from my application on the user's device. This needs to happen on the user's device, and as the facebook user associated with the user using the application, to avoid getting blocked by facebook.…

facebook facebook-graph-api cross-domain cross-domain-policy cross-site

asked Dec 21 '19 at 03:06

user2268997

1,263
2
14
35

5

votes

3 answers

Servers that supports CORS?

I wonder if there are many servers that are supporting CORS?

ajax xmlhttprequest cors cross-site

asked Feb 10 '11 at 02:39

ajsie

77,632
106
276
381

4

votes

0 answers

How to enable Cross-Site tracking on WKWebView

I have an iOS webview app which require access to third party cookies accessed from inside an iFrame, even if I clear the Prevent Cross Site Tracking on IPhone Safari Settings, it does not work! But when I access the webview link directly using…

ios swift wkwebview cross-site third-party-cookies

asked Sep 10 '21 at 02:35

Alan

59
6

4

votes

1 answer

Chrome not sending back cookies in iframe after Aug 10, 2020 update

We have a webapp that embed another webapp on a different site in an iFrame. This had been in place for a few years already. Last week we started to get error reports from some users. After investigation we found that on Chrome 84.0.4147.125,…

google-chrome cookies iframe cross-site

asked Aug 16 '20 at 16:00

scharette

605
1
9
25

4

votes

0 answers

Github Pages and CORS Support: XMLHttpRequest cannot load error

I'm trying to rig together an example JS + JQuery + Ajax project for a friend of mine that calls out to an external API. I just have it hosted on Github Pages. Github recently enabled CORS for pages, but I still don't seem to be able to make cross…

ajax cors xss github-pages cross-site

asked Feb 24 '17 at 00:34

zyshara

453
1
4
7

4

votes

1 answer

Cross-Site Scripting: encodeForHTML for HTML content (The OWASP Enterprise Security API)

I have a HTML select Tag in my JSP <%@ taglib prefix="esapi" uri="http://www.owasp.org/index.php/Category:OWASP_Enterprise_Security_API"%> I set…

javascript jsp xss owasp cross-site

asked Nov 20 '15 at 14:41

Nuñito Calzada

4,394
47
174
301

4

votes

3 answers

Sending Text Cross Domain By Bookmarklet

I need a user to navigate to a certain page that has a certain div full of useful text. Then click my bookmarklet and send the text in that div back to my server, which is different from the current domain. I have successfully inserted jQuery on…

javascript cross-domain bookmarklet cross-site

asked Feb 03 '10 at 20:58

agoessling

69
2
8

Questions tagged [cross-site]