[Tutorial] Turning off Chrome's cross-origin policies (CORS and SameSite) so cookies are sent across origins
2022-07-03 02:18:00 【Yun MuQing】
Make Google Chrome allow cross-origin requests and disable SameSite, which is convenient for local development and debugging and for testing CSRF (cross-site request forgery) vulnerabilities.
Written: June 30, 2022
I still remember that two years ago, testing for CSRF vulnerabilities came easily. Today, CSRF is history.
Chrome and Firefox have been updated to the point where cross-origin requests are on their last legs.
Developers doing local debugging suffer for it: with the front end on one port and the back end on another, cookies can no longer be sent cross-origin.
The widely circulated way to enable cross-origin requests is to start Chrome with the following command:
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-web-security --user-data-dir="D:\ChromeDevUserData"
This starts a browser instance that does not interfere with your existing Chrome. However, tested against the current latest browser version, CSRF still cannot be reproduced. The enhanced version below does seem to solve the cross-origin problem between front end and back end during local debugging:
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-site-isolation-trials --disable-web-security --disable-features=SameSiteByDefaultCookies,CookiesWithoutSameSiteMustBeSecure --user-data-dir="D:\ChromeDevUserData"
CSRF still cannot be reproduced. To reproduce it, you can only use an old version of Chrome.
Old versions of Chrome can be downloaded directly here: https://www.chromedownloads.net/chrome64win-stable/
If you don't want to use Baidu cloud disk and would rather download from the official site, you can do this:
- Using the Chrome version number, look up the internal version number
https://omahaproxy.appspot.com/
- Using that build number, download the offline package
https://commondatastorage.googleapis.com/chromium-browser-snapshots/index.html
Version tested and working: 722274, a build from December 2019.
Choose the win64 zip and start it with the enhanced parameters above.
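What the two features named in the enhanced command line control, as an added JavaScript sketch that is not part of the original post: it models Chrome's SameSite defaults to show when a cookie is attached to a request. The function names and object shapes are assumptions for illustration, and Chrome's short-lived allowance for cross-site POSTs with newly set cookies is not modelled.

```javascript
// Added illustration; function names and object shapes are hypothetical.
const SAFE_METHODS = new Set(["GET", "HEAD", "OPTIONS", "TRACE"]);

// The two features the enhanced command line passes to --disable-features.
const DEFAULT_FEATURES = {
  SameSiteByDefaultCookies: true,
  CookiesWithoutSameSiteMustBeSecure: true,
};

// Enforcement mode for a cookie, or "rejected" if it would not be stored.
function effectiveSameSite(cookie, features = DEFAULT_FEATURES) {
  const attr = (cookie.sameSite || "").toLowerCase();
  if (attr === "strict" || attr === "lax") return attr;
  if (attr === "none") {
    const mustBeSecure = features.CookiesWithoutSameSiteMustBeSecure;
    return mustBeSecure && !cookie.secure ? "rejected" : "none";
  }
  // No recognised attribute: Lax by default, otherwise legacy unrestricted behaviour.
  return features.SameSiteByDefaultCookies ? "lax" : "none";
}

// request: { crossSite: boolean, topLevelNavigation: boolean, method: string }
function cookieIsSent(cookie, request, features = DEFAULT_FEATURES) {
  const mode = effectiveSameSite(cookie, features);
  if (mode === "rejected") return false;
  if (!request.crossSite || mode === "none") return true;
  if (mode === "strict") return false;
  // Lax: cross-site only for top-level navigations that use a safe method.
  return Boolean(request.topLevelNavigation) &&
    SAFE_METHODS.has(request.method.toUpperCase());
}

// Constructed sample: a session cookie set without any SameSite attribute,
// and a cross-site form POST (the classic CSRF request shape).
const sessionCookie = { name: "session", secure: false };
const crossSitePost = { crossSite: true, topLevelNavigation: true, method: "POST" };
const featuresOff = {
  SameSiteByDefaultCookies: false,
  CookiesWithoutSameSiteMustBeSecure: false,
};

console.log(cookieIsSent(sessionCookie, crossSitePost));              // false
console.log(cookieIsSent(sessionCookie, crossSitePost, featuresOff)); // true
```

A cookie the server marks `SameSite=Lax` or `SameSite=Strict` explicitly keeps that mode in this model even with both features off, so the server-side attribute does not depend on the browser default.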