by Buge 3026 days ago
CORS is irrelevant.

>The attackers would need to get that nonce from the site.

The attackers have their own machine with a browser running on it that visits the real site and gets the nonce, then hands that nonce to the victim to be signed by their key.