Answer the question
In order to leave comments, you need to log in
I
I
Ivanushka2552022-01-26 20:51:57
Ivanushka255, 2022-01-26 20:51:57
How does sameSite protect the user from information leakage?
It is said that the attribute sameSiteprotects the user from information leakage (for example, collecting statistics, personalizing ads).
But I don't quite understand. For example:
- The user visits a site without sameSite protection.
- The site loads, including the banner ad placed here. When this banner is loaded, an HTTP request is made to the server of the "advertising" site.
It is hardly possible to steal someone else's cookies when collecting statistics. What I mean is that any cookie has its own attributes
domainand pathwhich clearly indicate where exactly the cookie will be sent. It turns out that during this HTTP request, only the cookies of the advertising site itself can be uploaded to the advertiser's site, if, of course, they are on the user's device. The question arises: what is the point of collecting information about your site on another site? This site can also safely collect statistics about itself and from itself.
Similar questions
A
T
I
Ilgiz Khamitov2015-05-16 17:21:37
I found a vulnerability on a large website, what should I do?
2Reply
M
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question