PretendoNetwork / account

Pretendo account server
GNU Affero General Public License v3.0

[Feature]: Send a warning in the XML from the server about sharing information #124

Open shutterbug2000 opened 2 weeks ago

shutterbug2000 commented 2 weeks ago

Checked Existing

What feature do you want to see added?

The server should include a warning that sharing data in the request or response from the server could result in impersonation of the user or their console.

Why do you want to have this feature?

Recently, a user had their console details stolen by a known bad actor using social engineering. A warning from the server will help prevent this, similar to the warnings many sites give upon opening the browser's developer tools console.

Any other details to share? (OPTIONAL)

I used Charles' rewrite feature to add <!--WARNING!!! DO NOT SHARE ANYTHING IN THE REQUEST OR RESPONSE WITH UNTRUSTED USERS! IT CAN BE USED TO IMPERSONATE YOU AND YOUR CONSOLE, POTENTIALLY GETTING YOU BANNED!!--> after <?xml version="1.0"?>. This appears to work without issue on all tested endpoints. The message can be tweaked if needed; it just needs to get the point across.

DaniElectra commented 2 weeks ago

This should be tested on the 3DS too. The XML parser is known to be picky there (at least on BOSS)

jonbarrow commented 2 weeks ago

> This should be tested on the 3DS too. The XML parser is known to be picky there (at least on BOSS)

If comments don't work on the 3DS, then maybe adding this as just a totally custom field would be better?

shutterbug2000 commented 2 weeks ago

Tested on 3DS, appears to work without issues. Same method as Wii U, just jamming a comment in after <?xml version="1.0"?>. Was able to log in to Juxt (although it didn't load the webpage, complaining about certs, but I think that's my patches being out of date).

TraceEntertains commented 2 weeks ago

Juxt portal doesn't work with SSL proxying enabled but discovery does, just figured I would mention it.
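
A server-side sketch of the change discussed in this thread, added here as an example and not taken from the Pretendo account server or written by any commenter: it places the warning comment directly after the XML declaration, as in the Charles rewrite test, and rejects text that would not be valid XML comment content. The function names and the sample response are assumptions.

```javascript
// Added example; WARNING text is the one proposed in the issue,
// all function and constant names are hypothetical.
const WARNING =
  'WARNING!!! DO NOT SHARE ANYTHING IN THE REQUEST OR RESPONSE WITH UNTRUSTED USERS! ' +
  'IT CAN BE USED TO IMPERSONATE YOU AND YOUR CONSOLE, POTENTIALLY GETTING YOU BANNED!!';

// Matches an XML declaration only at the very start of the document.
const XML_DECL = /^<\?xml\s[^?]*\?>/;

function buildComment(text) {
  // XML 1.0 forbids "--" inside a comment and a "-" directly before "-->".
  if (text.includes('--') || text.endsWith('-')) {
    throw new Error('warning text is not valid XML comment content');
  }
  return `<!--${text}-->`;
}

function addWarningComment(xml, text = WARNING) {
  const comment = buildComment(text);
  if (xml.includes(comment)) return xml; // already present, do not add twice
  const decl = xml.match(XML_DECL);
  if (decl) {
    // The declaration must stay the first thing in the document,
    // so the comment goes immediately after it.
    return decl[0] + comment + xml.slice(decl[0].length);
  }
  // No declaration: a comment before the root element is still well-formed.
  return comment + xml;
}

// Removes comments so the payload can be compared with the original response.
function stripComments(xml) {
  return xml.replace(/<!--[\s\S]*?-->/g, '');
}

// Constructed sample response, not a real server reply.
const SAMPLE = '<?xml version="1.0"?><result><code>0001</code></result>';
```

Comparing `stripComments(addWarningComment(xml))` with the original response in a regression test confirms that a comment-aware client sees an unchanged payload.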