Source Map feature respects response headers!

Although processing the response by the client side javascript is not possible, the browser does respect the headers the server responses with.

Take Cookie for example. If the server responses to the SourceMapURL request with Set-Cookie: key=value;,
the browser will respect the header, set that cookie and will send it with each request back to the server.

In the following example, the page sends a SourceMapURL request to both px-blog-source-map-anti-debug.appspot.com (same origin) and px-blog-source-map-anti-debug.perimeterx.com (cross origin)
and you can see how that request is responded with a new cookie that is from now on respected by the browser until it is removed.

back to menu


value of MY_COOKIE is