Thanks to visit codestin.com
Credit goes to github.com

Skip to content
This repository was archived by the owner on Apr 28, 2020. It is now read-only.

Approved hosts #238

Merged
merged 7 commits into from
Aug 9, 2019
Merged

Approved hosts #238

merged 7 commits into from
Aug 9, 2019

Conversation

deansheather
Copy link
Member

@deansheather deansheather commented Jul 24, 2019
edited
Loading

Closes #237.

TODO:

  • Add styling to extension config page and popup page
  • Test security
  • Is it safe to lowercase hostnames?
  • Validate the hosts added in the config page
  • Make errors more visible to user

@teddy-codes
Copy link
Contributor

As per one of the TODOs, it is safe to lowercase all hosts because uppercase and lowercase values would be routed to the same place. Not really sure if that helps at all.

@deansheather
Copy link
Member Author

Screenshot

@teddy-codes
Copy link
Contributor

I like the UI for that.

@deansheather
Copy link
Member Author

Popup doesn't exist anymore, and the extension "browser action" now opens the config page.

@deansheather deansheather marked this pull request as ready for review August 3, 2019 03:02
@deansheather
Copy link
Member Author

I think this is ready, I've tested that it works on GitHub. I don't think there's any security issues with how it prompts for consent on hosts that aren't already approved (right now the background script injects a confirm dialog into the target tab).

kylecarbs
kylecarbs approved these changes Aug 8, 2019
View reviewed changes
Copy link
Member

@kylecarbs kylecarbs left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Awesome addition.

Let's bump the minor version number as well.

@deansheather deansheather merged commit 61d8d38 into master Aug 9, 2019
@lucacasonato
Copy link
Contributor

I just wanted to say that the work you did for moving the websocket to the background script I already did in #225, but @kylecarbs still hasn't reviewed it. It's like 2 months old now.

@deansheather deansheather deleted the approved-hosts branch September 20, 2019 11:44
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@kylecarbs kylecarbs kylecarbs approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

[Security] Approved hosts mechanism (GH-227 follow up)
4 participants
@deansheather @teddy-codes @lucacasonato @kylecarbs