Hi guys, I’m just doing the CSRF labs, some of them require us to exploit the flaws with JS (I’m not talking about the XSS’s), I tested it in Chrome, and it doesn’t seen to work, cookies are not sent in cross domain requests made with XMLHttpRequest. I’m doing something wrong? My understanding is that we cannot send authenticated requests cross domain with javascript