The more I watch this man’s videos the more I respect him.
@tayfun6378
4 years ago
I smiled when I heard James' voice! love you man!
@ihebhamad1477
1 month ago
James is a legend thank you for this presentation
@RyanDewhurst
7 years ago
Great presentation and information!
@shubham_srt
8 months ago
What if cookies are set to Lax but Access-Control-Allow-Credentials is being sent as true? As Lax does not allow cookies to be set in XHR requests, how will the cookies be sent?
@somebody3014
6 months ago
wondering about the same thing, did you find the answer?
@shubham_srt
6 months ago
@somebody3014 Hey man, Lax settings are prioritised. Even if one condition is false, the cookies are not sent. So in my question cookies will not be sent, as even though Allow Credentials is true, the cookies are Lax (one true condition and one false). No cookies will be sent. Hope that clears the doubt.
@yoshi5113
1 year ago
My favorite hacker
@smiley_1000
3 years ago
This all seems more like an issue with the browser being all too happy to share secrets between sites rather than an issue with the sites themselves.
@8ytan
1 year ago
The browser by default does not allow cross-origin requests; these are all examples of sites specifically telling browsers that cross-origin requests should be allowed. The ability to permit certain cross-origin requests is incredibly useful and without it most services on the internet would break.
@tuandane82
1 year ago
@8ytan Does the CORS exploit work against the Authorization header as well, or only pass the session cookie?
@8ytan
1 year ago
@tuandane82 In theory, if you're using an authorisation header containing an access token to authenticate, then misconfigured CORS isn't a huge concern because attempts to exploit the weak CORS policy will lack a valid token and therefore fail. That said, it's still good practice to think about what origins, methods etc. will reasonably need to access your service and configure the CORS headers accordingly.
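One way to apply the advice in the reply above about deciding which origins and methods need access, as an added example that is not from the video or from any commenter. The origins, method list and header list are constructed placeholders, and `corsHeaders` is a hypothetical helper name.

```javascript
// Added example: exact-match CORS policy. Origins and methods below are
// constructed placeholders, not values from the video or the comments.
const ALLOWED_ORIGINS = new Set([
  "https://app.example.com",
  "https://admin.example.com",
]);
const ALLOWED_METHODS = ["GET", "POST"];
const ALLOWED_HEADERS = ["Authorization", "Content-Type"];

// Returns the CORS response headers for a request, given its Origin header
// value (undefined when absent) and whether it is an OPTIONS preflight.
function corsHeaders(origin, isPreflight = false) {
  // Always vary on Origin so a shared cache never serves one origin's
  // CORS headers to another.
  const headers = { Vary: "Origin" };

  // Exact string match only: no prefix/suffix/regex checks, no reflecting
  // the Origin header, and the literal "null" origin is never in the set.
  if (typeof origin !== "string" || !ALLOWED_ORIGINS.has(origin)) {
    return headers; // no Access-Control-* headers: browser blocks the read
  }

  headers["Access-Control-Allow-Origin"] = origin;
  headers["Access-Control-Allow-Credentials"] = "true";
  if (isPreflight) {
    headers["Access-Control-Allow-Methods"] = ALLOWED_METHODS.join(", ");
    headers["Access-Control-Allow-Headers"] = ALLOWED_HEADERS.join(", ");
    headers["Access-Control-Max-Age"] = "600";
  }
  return headers;
}

// Constructed sample inputs showing which origins receive credentialed access.
function demo() {
  const samples = [
    "https://app.example.com",
    "https://app.example.com.attacker.example", // suffix look-alike
    "https://evilapp.example.com",              // not on the list
    "null",                                     // sandboxed iframe / file:
    undefined,                                  // same-origin or non-browser
  ];
  return samples.map((o) => [o, "Access-Control-Allow-Origin" in corsHeaders(o)]);
}

console.log(demo());
```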
@shubham_srt
8 months ago
@tuandane82 As far as I know, yes, it works.
@hirapirika7456
7 years ago
WILL BITCOIN GET ATTACKED ?? IN FUTURE OR EXPLOITS ?
@nicoladellino8124
5 years ago
Nice video
@hackersguild8445
5 years ago
Great.:)
@syedumararfeen8146
7 years ago
Awesome
@jattboe8617
4 years ago
21:47
@Shmancy_pants_69
3 years ago
Could someone please explain to me 'the null' in this context and what it means to not trust the null? Thank you.
@smiley_1000
3 years ago
Did you even watch the presentation?
@saurav2281
7 years ago
Very well explained..
@pat049b
4 years ago
Amazing work!
@ar-uh1dj
4 years ago
Amazing presentation. Thumbs up
@pranjalruhela1103
1 year ago
Zomato didn't reply because they are an Indian company.
@shubham_srt
8 months ago
They have always replied to me within hours! Surprised to see James getting ghosted, kinda weird, but it was 2017, maybe stuff was different back then.
Comments: 29