Hacker News new | past | comments | ask | show | jobs | submit login

Cooperating websites can subvert first-party isolation by redirecting the top level page through multiple first-party domains (with an ID in the URL). And Google does exactly that when you login. How to properly prevent it is still an open question:

https://bugzilla.mozilla.org/show_bug.cgi?id=1319839




Registration is open for Startup School 2019. Classes start July 22nd.

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact

Search: