|
|
|
|
|
|
by wunderwuzzi23
1084 days ago
|
|
|
After I shared some POC exploits with Plugins OpenAI added this requirement it seems. However as far as I can tell, and most recent testing shows, this requirement is not enforced: https://embracethered.com/blog/posts/2023/chatgpt-plugin-vul... I'm still hoping that OpenAI will fix this at the platform level, so that not every Plugin developer has to do this themselves. It took 15+ years to get same-site cookies - let's see if the we can do better in here... |
|
|
IIRC, cookies were originally tightly locked to the domain/subdomain which set them.