Talking about JSONP Hijacking Vulnerability
DEV Community dev.to
JSONP
JSONP stands for JSON with Padding, a technique based on the JSON format for requesting resources across domains.
Because of the browser's same-origin policy, the browser only allows XMLHttpRequest to request resources from the same origin as the current page (same domain name, protocol and port), whereas requests for script resources are not restricted.
Principle: The client sends a cross-domain request through a script tag, and the server then outputs the JSON data wrapped in a call to the callback function, which is executed when the script loads. This …
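The request/response principle described above, as an added example that is not code from the original article: a server-side function wraps JSON in the callback the client named, and a stand-in for the browser's script loading runs the response. The names buildJsonpResponse, loadAsScript and handleProfile, the sample data, and the callback-name check are assumptions made for this illustration.

```javascript
// Added illustration of the JSONP flow; all names below are hypothetical.

// Assumed safeguard (not from the article): accept only plain identifier-style
// callback names, so the value placed in the script is never arbitrary code.
const CALLBACK_NAME = /^[A-Za-z_$][A-Za-z0-9_$]{0,63}$/;

// Server side: wrap the JSON data in a call to the callback the client named.
function buildJsonpResponse(callbackName, data) {
  if (typeof callbackName !== 'string' || !CALLBACK_NAME.test(callbackName)) {
    return { status: 400, contentType: 'text/plain', body: 'invalid callback' };
  }
  return {
    status: 200,
    contentType: 'application/javascript',
    body: `${callbackName}(${JSON.stringify(data)});`,
  };
}

// Client side: stands in for the browser running the response as a <script>.
// The page defines the callback first; the loaded script then calls it.
function loadAsScript(scriptBody, callbackName) {
  let received;
  const callback = (payload) => { received = payload; };
  // new Function runs the response text as script with the callback in scope.
  new Function(callbackName, scriptBody)(callback);
  return received;
}

// Constructed sample data, not taken from any real service.
const sample = { user: 'alice', id: 7 };

function demo() {
  const res = buildJsonpResponse('handleProfile', sample);
  return { body: res.body, received: loadAsScript(res.body, 'handleProfile') };
}

console.log(demo());
console.log(buildJsonpResponse('handle Profile()', sample).status);
```

The response body is ordinary JavaScript, which is why the script tag can load it across origins while XMLHttpRequest cannot read the same data.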