HTTP

Cross-Origin Web Attacks via HTTP/2 Server Push and Signed HTTP Exchange
In this paper, we investigate the security implications of HTTP/2 server push and signed HTTP exchange (SXG) on the Same-Origin Policy …
Pinji Chen, Jianjun Chen, Mingming Zhang, 汪琦 (Eki), Yiming Zhang, Mingwei Xu, Haixin Duan
PDF