|
|
|
|
|
|
by cynwoody
3353 days ago
|
|
|
I just tried it using Chrome 57: var i = document.createElement('img');
i.src= "https://news.ycombinator.com/y18.gif";
document.body.insertBefore(i, document.body.firstChild);
The image appeared in the upper left of the Google home page.So, I clicked over to the Network tab and viewed the headers. The request headers do not include any cookies. If Hacker News were a broker using GET requests to buy shares, and the image URL was such a request, HN would not have known whose account to buy the shares for, even though I'm logged in in another tab. So, presumably, the hack does not work in Chrome 57. Edit: Never mind. It's because I have third-party cookies blocked. If I unblock third-party cookies, my HN cookie does get sent. |
|
|