Open CraigBos opened 2 years ago
Hi @CraigBos , sorry for the issue.
What probably changed here between 3.x and 4.x is that sending is now done with a form data AJAX request rather than a JSON-encoded one to save 33% bandwidth and time due to avoiding base64 encoding.
This is likely what the security software is detecting as a file upload. I would talk to your security people and try to get this rule removed--there are a million ways to upload a file and a blanket block of form data seems like a really ineffective measure.
Hope that helps!
Bart, thanks for this comment -- it makes me think that even if I could pull 3.x sources and instantiate the old client locally, the server side would likely not respond to the old JSON method. Alas.
I have tried to navigate around the github page, and have found quite a bit of source code, so that's good as far as it goes.
But, can anyone point me to any higher-level design or architecture documentation? That'll be more helpful I think.
Thanks again.
/cb
I think the JSON endpoint is still there, but probably not for much longer once 3.x is retired. The bottom line is that some types of sending are very bandwidth intensive and reducing them by 33% is a big win in most cases.
Do you think it's possible for you to get your company's security software to remove that rule? It seems pretty silly anyway--if they are worried about data exfiltration literally any connection to the Internet is just as dangerous as allowing form data requests.
And yes, there are other ways to do binary uploads (BSON, protobuf) that may get around your particular problem but changing this to accommodate one finicky piece of security software is going to be a tough sell in terms of prioritization unfortunately.
Please complete the following checklist (by adding [x]):
When I attempt to send an email using the new web client, it triggers a file upload block in my company's security software. This affects all web client versions since version 4.x, including the current version 5.0.1.4 beta. This does not affect web client version 3.x. This used to be served by old.protonmail.com, but not any more (as of today).
I'll put a little more information about the behavior and mitigations below.
I'd like to ask the community for information on two questions;
Thank you for any information.
/cb
To address the problem, I have:
Some possibly relevant facts about the behavior:
Thanks again for any help with this.
/cb