Window References

October 8, 2020

If a page sets its opener property to null or is using COOP protection depending on the users’ state, it becomes possible to infer cross-site information about that state. For example, attackers can detect whether a user is logged in by opening an endpoint in an iframe (or a new window) which only authenticated users have access to, simply by checking its window reference. Run demo

Code Snippet #

The below snippet demonstrates how to detect whether the opener property was set to null, or whether the COOP header is present with a value other than unsafe-none. This can be done with both iframes and new windows.