[Tutorial] Turning off Chrome's cross-domain policies (CORS and SameSite) to send cookies across domains
2022-07-03 02:18:00 【Yun MuQing】
Allow cross-origin requests and disable SameSite in Google Chrome, for convenient local development and debugging and for testing CSRF (cross-site request forgery) vulnerabilities.
Written: June 30, 2022
I still remember that two years ago, testing for CSRF vulnerabilities was easy. Today, CSRF is history.
Chrome and Firefox have been updated to the point where cross-domain requests are on their last gasp.
Developers doing local debugging suffer for it: with the front end on one port and the back end on another, cookies can no longer be sent across domains.
The widely circulated method on the Internet for enabling cross-domain requests is to start Chrome with the following command:
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-web-security --user-data-dir="D:\ChromeDevUserData"
This starts a browser that does not interfere with your original Chrome. However, tested on the current latest browser version, CSRF still cannot be reproduced. The following enhanced version, though, seems to solve the front-end/back-end cross-domain problem in local debugging:
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-site-isolation-trials --disable-web-security --disable-features=SameSiteByDefaultCookies,CookiesWithoutSameSiteMustBeSecure --user-data-dir="D:\ChromeDevUserData"
CSRF still cannot be reproduced. To reproduce it, you can only use an old version of Chrome.
Old versions of Chrome can be downloaded directly here: https://www.chromedownloads.net/chrome64win-stable/
If you don't want to use Baidu cloud disk and would rather download from the official site, you can do this:
- Using the Chrome version number, find the internal version number
https://omahaproxy.appspot.com/
- Using the build number, download the offline package
https://commondatastorage.googleapis.com/chromium-browser-snapshots/index.html
Tested working version: 722274, the December 2019 version
Choose the win64 zip and start it with the enhanced parameters above.
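
An added example, not from the original post: a Python check that can be run over process command lines (for example from process-creation logs) to spot a browser started with the switches shown above, and to tell whether it uses a separate --user-data-dir or the default profile. The function names, the result labels and the second and third sample command lines are constructed for illustration.

```python
import re

# Switches and feature names are the ones used in the commands on this page.
WEAKENING_SWITCHES = {
    "--disable-web-security": "same-origin policy not enforced",
    "--disable-site-isolation-trials": "site isolation disabled",
}
WEAKENING_FEATURES = {
    "SameSiteByDefaultCookies": "cookies without SameSite are not treated as Lax",
    "CookiesWithoutSameSiteMustBeSecure": "SameSite=None allowed without Secure",
}

def split_cmdline(cmdline):
    """Split on whitespace but keep double-quoted runs (paths with spaces) whole."""
    return [t.replace('"', "") for t in re.findall(r'(?:[^\s"]+|"[^"]*")+', cmdline)]

def audit(cmdline):
    """Return (findings, profile_dir) for one browser process command line."""
    findings, profile_dir = [], None
    for token in split_cmdline(cmdline)[1:]:  # token 0 is the executable path
        name, _, value = token.partition("=")
        if name in WEAKENING_SWITCHES:
            findings.append((name, WEAKENING_SWITCHES[name]))
        elif name == "--disable-features":
            for feature in value.split(","):
                if feature in WEAKENING_FEATURES:
                    findings.append((feature, WEAKENING_FEATURES[feature]))
        elif name == "--user-data-dir":
            profile_dir = value
    return findings, profile_dir

def classify(cmdline):
    """'ok', or whether the weakened browser runs on a separate or the default profile."""
    findings, profile_dir = audit(cmdline)
    if not findings:
        return "ok"
    return "weakened-separate-profile" if profile_dir else "weakened-default-profile"

# Sample command lines: the first is the enhanced command from this page, the others are constructed.
EXE = r'"C:\Program Files\Google\Chrome\Application\chrome.exe"'
SAMPLES = [
    EXE + r' --disable-site-isolation-trials --disable-web-security --disable-features=SameSiteByDefaultCookies,CookiesWithoutSameSiteMustBeSecure --user-data-dir="D:\ChromeDevUserData"',
    EXE + " --disable-web-security",
    EXE + " --profile-directory=Default https://example.com",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(classify(sample), [name for name, _ in audit(sample)[0]])
```

A "weakened-default-profile" result deserves the most attention, because that browser carries the user's everyday logged-in sessions while its cross-origin protections are switched off.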