Hacker News
new
|
past
|
comments
|
ask
|
show
|
jobs
|
submit
login
jonny_eh
on March 31, 2015
|
parent
|
context
|
favorite
| on:
China's Man-On-the-Side Attack on GitHub
Github wouldn't get baidu's cookies since they're different domains.
eloisant
on March 31, 2015
[–]
They could if they put code to read cookies in JS and send them home in the JS included in people's pages.
jonny_eh
on March 31, 2015
|
parent
[–]
Good point, all the more reason page authors should use httpOnly cookies:
https://www.owasp.org/index.php/HttpOnly
Join us for
AI Startup School
this June 16-17 in San Francisco!
Guidelines
|
FAQ
|
Lists
|
API
|
Security
|
Legal
|
Apply to YC
|
Contact
Search:
