exploited
Fetch metadata,
Sec-Fetch-Dest
etc.
XXE demo
Strict-dynamic CSP demo
A project by
Michal Špaček
(
X
,
Mastodon
)
—
Source code
available
… developed and used to greatest advantage …