Closed TRtomasz closed 1 year ago
rkalis
commented
1 year ago Hey, thanks for adding this. Looking at it, do you think it's better to just remove the allowedDomains option? I'm not sure of the implications though, do you have any thoughts on that?
Ivshti
commented
1 year ago hey @rkalis we haven't thought about the security implications of this, but on first thought it could be ok. The only problem I can think of is UI re-dress/clickjacking, but in most web3 use cases I think that's a non-issue. It's not applicable at all in the safe SDK case because if you were able to apply this attack, you'd have to sit in the place of the wallet - you can't apply this attack on an existing wallet.
rkalis
commented
1 year ago That is what I'd imagine as well. In that case, would you mind updating this PR to just remove the allowedDomains option altogether?
TRtomasz
commented
1 year ago @rkalis sure, done
rkalis
commented
1 year ago Perfect, thank you!
vercel[bot]
commented
1 year ago The latest updates on your projects. Learn more about Vercel for Git ↗︎
| Name | Status | Preview | Comments | Updated (UTC) |
|---|---|---|---|---|
| revoke-cash | ✅ Ready (Inspect) | Visit Preview | 💬 Add feedback | Apr 11, 2023 0:30am |
gitpoap-bot[bot]
commented
1 year ago Congrats, your important contribution to this open-source project has earned you a GitPOAP!
GitPOAP: 2023 Revoke.cash Contributor:
Head to gitpoap.io & connect your GitHub account to mint!
Learn more about GitPOAPs here.
@TRtomasz is attempting to deploy a commit to the Kalis Software Team on Vercel.
A member of the Team first needs to authorize it.