Questions tagged [cross-site]

Cross-site means the interaction crosses separate domains of authority.

246 questions
3 votes, 2 answers

Loading cross domain XML with Javascript using a hybrid iframe-proxy/xsl/jsonp concept?

On our site www.foo.com we want to download and use http://feeds.foo.com/feed.xml with Javascript. We'll obviously use Access-Control but for browsers that don't support it we are considering the following as a fallback: On www.foo.com, we set…
Josef Pfleger
2 votes, 2 answers

Java-ajax cross site empty response string

I am doing a cross-site ajax to java data transaction (not sure if I named that correctly, so please forgive me about that). Part of code in Java file: BufferedReader input = new BufferedReader(new InputStreamReader(connectionsocket. …
Andrius Naruševičius
2 votes, 1 answer

Getting Cross-site XML response with jquery

I'm trying to get some xml information from a service that is not mine. Basically, the user will authenticate on the other service and my script should go get the information using its authentication cookie via cross-site. I'm using jquery to do…
DVD
2 votes, 1 answer

Share Authentication between different Apps in CakePHP?

I'm still sort of new to CakePHP, and I've presently created and deployed one (rather complex) application using it. It has full user and group support and I took the time to get the access tables working and everything. Now, I'm creating a separate…
Blank
2 votes, 1 answer

Django doesn't create session cookie in cross-site json request

I want to make a cross-site JavaScript call from a third-party domain (in this case my desktop/localhost server) to my remote Django server hosted on my_domain.com/, calling a REST WS exposed on my_domain.com/msg/my_service using session/cookies…
Peper
2 votes, 1 answer

Image not loading due to content security policy in React app

I am attempting to load an avatar image in a React app that is being served up from a NodeJS/Express backend. I have my content-security policy set as:
rhaq
2 votes, 0 answers

Cannot log into my site on iOS devices when "Disable Cross-Site Tracking" is on

We have an Angular 9 SPA on the front-end with a .Net Core 5 WebAPI on the backend. We’re using Auth0 as our authentication server. For some reason, on iPhones, after the user logs in (on Auth0’s login screen) and gets redirected back to our web…
Fabricio Rodriguez
2 votes, 1 answer

Page_load method may leak server-side conditional values, enabling user tracking from another website

I am getting a Cross Site History Manipulation issue on a Checkmarx scan of my solution. The issue I am getting is: Method Page_Load at line 40 of xyz\abc.aspx.cs may leak server-side conditional values, enabling user tracking from another website.…
Priyanka
2 votes, 0 answers

XSS Attack Prevention

I have a web application written in PHP. The templating engine is SMARTY. My question is very simple, yet the answer should not be that easy, because I searched the hell out of it to no avail. When I telnet to port 80 and run the following…
2 votes, 0 answers

Set a samesite cookie for an online shopping site

I have an online shopping site and I have to connect to the payment gateway to buy. Newer versions of Chrome have a new policy. That said, you should add an attribute called sameSite to your cookies. When I set-cookie attribute, I add sameSite =…
mrbelane
2 votes, 1 answer

How to login into wordpress in both cross-origin (iframe) and same-origin scenario?

I use iframes to display contents from a site aaa.com to a bbb.com where users can register and login to download pro documentations. And now Chrome blocks all cookies without "Samesite=None ; Secure" attributes and users can no longer register or…
2 votes, 2 answers

Blazor Form - User Input Sanitization (, etc)

I am working on a Blazor application where I have a form which takes user input (form with some text boxes & text area). What is the best approach to prevent it from cross site scripting and XSS attacks? I am using Microsoft.AspNetCore.WebUtilities for…
ZKS
2 votes, 1 answer

How should Single-Sign-On work if all browsers will prevent cross site tracking

More and more modern browsers prevent cross-site tracking by default. For example, Safari, Firefox, Brave, they all use 'prevent cross-site tracking' as a default option. I analyzed our users and found out that 6% of them prevent cross-site tracking…
mailman_73
2 votes, 2 answers

jQuery autocomplete - xml cross site request

The XML feed for my autocomplete is on another server. Is there a client side (javascript) method of getting this XML document? I know I can create a proxy with php, jsp, etc., but I need to do it all client side. This is how I call the file now…
Specked
2 votes, 1 answer

Detect dynamic javascript for xssi

I am trying to understand the cross site script inclusion. I have read the paper of Sebastian Lekies (click here for paper and slide and video link) and got some idea about it. Here detecting dynamic javascript is a part of the methodology and I…
Sadid Khan