On 07/04/09 16:28, Sid Stamm wrote:
> Since the user's entire request header is in the report, any cookies sent with the request header to Angelic get forwarded on. While Be-Evil doesn't actually get forwarded cookies, the cookies are buried in the content of the report that is forwarded under the <request-headers> field.
... (following on from previous message) or we need to say that sites with open redirects are already broken, and this is just another symptom, and we should support redirects for the convenience and reduced implementation complexity.
Gerv