1. 11

  2. 4

    A demonstration of the attack can be seen here: https://www.youtube.com/watch?v=oTycM5mQSpQ

    1. 1

      This is probably a stupid question, but what can you do with a leaked CSRF token? Isn’t it generated freshly every time a form is rendered?

    2. 2

      Reading their countermeasures, it would seem to indicate that disabling third-party cookies in the browser would prevent the attack, right?