Possible attack via redirect chain #217
Comments
|
Good question.
This is in reference to the Topics request header, which is only sent on subresource requests and subframe navigation requests. Since those aren't top-frame navigations, the topics won't change across redirects. That said, it would be possible to navigate the user to different sites via script in the top frame and append the various topics received as query params along the way. If this were to become a problem, one way we could address it would be to return empty topics lists for callers on pages that were navigated to via script from a different site. I'd like to research this to understand just how much it would impact users.
It's the eTLD+1 of the given url.
Generally not, unless they are on the public suffix list. edit: whitespace |
It is not clear to me what happens when an offending website forces the user's browser to follow a chain of redirects.
According to the documentation, "Redirects will be followed, and the topics sent in the redirect request will be specific to the redirect URL."
Can this potentially lead to an attack in which the browser follows a chain of redirects, each one letting the controlling webmaster obtain one (three) possible topics via the
document.browsingTopics()?For instance:
(visit to mysite1.com -> get 3 topics) + (redirect to mysite2.com -> get 3 topics) + (redirect to mysite3.com -> get 3 topics) + ...With this attack, assuming the three websites are owned by the same (or colluding) organization(s), who controls mysite{X}.com gets up to 3|X| topics in a short time.
Are there any mechanisms in place to prevent this?
Moreover, which is the definition of a website within the Topics API?
Are two subdomains of the same domain considered different websites?
For example, one.example.org and two.example.org are the same or different websites?
The text was updated successfully, but these errors were encountered: