Just found an interesting behavior in Firefox that can be used for XSS:
If a response lacks the Content-Type header, Firefox renders it as text/plain.
But if the URL ends with an extension like .html, Firefox treats it as that.
#bugbounty#bugbountytips
It’s so fun looking for JSONP or stuff like that, I submitted a few of them to the https://t.co/kCgo6k9CnR repo by @renniepak
now you can bypass CSP restrictions for this rules:
*.gitlab.com
*.onetrust.com
*.forismatic.com
*.ipify.org
*.dblp.org
*.ipinfo.io
*.opendatasoft.com