Window References

Window References

October 8, 2020
Abuse Window References
Category Attack
Defenses Fetch Metadata, SameSite Cookies, COOP

If a page sets its opener property to null or is using COOP protection depending on the users' state, it becomes possible to infer cross-site information about that state. For example, attackers can detect whether a user is logged in by opening an endpoint in an iframe (or a new window) which only authenticated users have access to, simply by checking its window reference. Code Snippet # The below snippet demonstrates how to detect whether the opener property was set to null, or whether the COOP header is present with a value other than unsafe-none. ...