Mastodawn

I'm back to thinking about CSRF: why is it useful for sites to be able to embed resources (like <img src="othersite.com/whatever.jpg">) and for the browser to send the user's cookies to the third-party site?

There's "ads" and "tracking" obviously but I feel like there's another actually-useful-to-users reason I'm not thinking of

Show thread

Ben Berry

@b0rk (Not how I understand it to be used, but I could imagine a use case for it working this way)
Something like Venueless, a conference software, where video streams from third-parties are embedded.
I could imagine a case where the third-party uses some cookie authentication.