ankane / blazer

Business intelligence made simple
MIT License

Send CSRF token in POST body when cancelling queries #427

Closed bdewater-thatch closed 1 year ago

bdewater-thatch commented 1 year ago

The fact that this token was sent in the query string came up in a pentest, since query strings may be logged/cached in some systems.

navigator.sendBeacon() accepts various things as the 'data' argument but we need a Blob here to specify the correct MIME type, otherwise sendBeacon defaults to text/plain. Some versions of Chrome didn't allow other MIME types here for a period, but this has been fixed.

Verified this works by querying for `select pg_sleep(5);` and immediately navigating away; logs show the query got cancelled as expected (`SELECT pg_cancel_backend(pid) ...`).
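As an added illustration of the two approaches discussed in this PR (not Blazer's own code, and not code from either commenter): the helpers below build the cancel request so the CSRF token travels in the POST body, either as a `FormData` object or as a `Blob` with an explicit MIME type, and hand it to `navigator.sendBeacon()` when a browser provides it. The endpoint path `/blazer/queries/cancel`, the field names `run_id` and `authenticity_token`, and the `csrf-token` meta tag are assumptions chosen for the example.

```javascript
// Added example: keep the CSRF token out of the query string when cancelling
// a query on page unload. Endpoint and field names are assumptions.
const CANCEL_URL = "/blazer/queries/cancel"; // assumed path

// Read the CSRF token from a Rails-style meta tag; returns null outside a browser.
function readCsrfToken(doc) {
  if (!doc || typeof doc.querySelector !== "function") return null;
  const meta = doc.querySelector('meta[name="csrf-token"]');
  return meta ? meta.getAttribute("content") : null;
}

// Option 1: FormData. sendBeacon sets multipart/form-data automatically,
// which is what the maintainer chose for the widest browser compatibility.
function buildCancelPayloadFormData(runId, csrfToken) {
  const fd = new FormData();
  fd.append("run_id", runId);
  fd.append("authenticity_token", csrfToken);
  return fd;
}

// Option 2: Blob with an explicit MIME type. Without the type, sendBeacon
// would send text/plain and a Rails controller would not parse the params.
function buildCancelPayloadBlob(runId, csrfToken) {
  const body = new URLSearchParams({
    run_id: runId,
    authenticity_token: csrfToken,
  }).toString();
  return new Blob([body], { type: "application/x-www-form-urlencoded" });
}

// Fire the cancel request. The URL carries only the endpoint path; the token
// and run id are in the body, so access logs and caches never see the token.
function cancelQueryOnUnload(url, runId, csrfToken, nav) {
  const payload = buildCancelPayloadFormData(runId, csrfToken);
  if (nav && typeof nav.sendBeacon === "function") {
    return nav.sendBeacon(url, payload);
  }
  return false; // no beacon support (e.g. outside a browser)
}

// Browser usage (guarded so the module also loads outside a browser):
if (typeof window !== "undefined" && typeof document !== "undefined") {
  window.addEventListener("pagehide", () => {
    const token = readCsrfToken(document);
    if (token) cancelQueryOnUnload(CANCEL_URL, window.currentRunId, token, navigator);
  });
}
```

The `FormData` path is the one the PR ended up with; the `Blob` helper shows the alternative the PR description mentions, where the MIME type must be set explicitly because `sendBeacon` otherwise defaults to `text/plain`.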

olivier-thatch commented 1 year ago

Wow, nice find!

ankane commented 1 year ago

Hey @bdewater-thatch, thanks for the PR! I think FormData will have the most compatibility (even though it's more verbose), so made that change in the commit above. Also tried URLSearchParams, but it looks like there's an issue before Chrome 88 (https://github.com/chromium/chromium/commit/33d34b12abc582eec6c55ee1b654db655bf46088).

bdewater-thatch commented 1 year ago

Thanks @ankane!