CSP Violation Reports - Playground

    Usage:
    http://cm2.pw/csp-playground?domain=auth.example.com&url=https://auth.example.com/oauth

    Parameters:
    url     -   URL issuing a redirect
    domain  -   CSP whitelisted domain
    extract -   Secret to be extracted (default: code)

TODO

- Click on Exploit
- Click anywhere on the newly opened tab (Set to auto-close in 5 seconds)

** In real attack scenario, instead of closing the tab immediately, we can keep polling the vulnerable endpoint until it works.