Great details! I was wondering, should we be guarding against JSON hijacking in 2021? Based on stackoverflow.com/a/16880162/771768 it seems to have been fixed in Chrome a decade ago.
Yeah, it was fixed ages ago, but with ES6 proxies, it resurfaced. Now everything is fine again, but it could appear again with new browser features.
But there are also other security mechanisms since then to protect from it like SameSite, CORB (JSON hijacking is referred to as XSSI in that article), and the nosniff header.