-
Notifications
You must be signed in to change notification settings - Fork 46
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add a blocklist of URL's #14
Comments
Actually, rather than a URL list that could also leak things, maybe we should try and see if an external service can get a 200 response and similar data to what the extension sees. Process: User Clicks submit. DevWebFeed host trys to fetch the URL, if it can't get access then it won't post it.... |
Good idea. Better to play it safe. If the crx makes a fetch without cookies
and gets a 200 back, that may work. Although if someone is on a corp IP it
may still go through....
…On Mon, Apr 23, 2018, 12:39 AM Paul Kinlan ***@***.***> wrote:
Actually, rather than a URL list that could also leak things, maybe we
should try and see if an external service can get a 200 response and
similar data to what the extension sees.
—
You are receiving this because you are subscribed to this thread.
Reply to this email directly, view it on GitHub
<#14 (comment)>,
or mute the thread
<https://github.com/notifications/unsubscribe-auth/AAOigGHQ5FBlbzjwtctrMNEk6nA4ujChks5trYVIgaJpZM4TfYx9>
.
|
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
There's probably some url sets that we don't want to allow to get posted such as googleplex etc. Might be good to add a configurable filter that stops us from doing something stupid.
The text was updated successfully, but these errors were encountered: