Closed cod3monk closed 2 years ago
I'm not really sure about this from a security point of view: The user can access arbitrary websites (as soon as he finds a Google or Facebook link somewhere on the homepage) inside a system where we absolutely don't want any possibility of intrusion.
Yes, but https://fablab.fau.de was just an example. The idea is to have a site which only has internal links which are meant to be displayed on the cash terminal.
We might be able to restrict URLs to certain domains though.
Am 28.01.2016 um 11:04 schrieb Max Gaukler notifications@github.com:
I'm not really sure about this from a security point of view: The user can access arbitrary websites (as soon as he finds a Google or Facebook link somewhere on the homepage) inside a system where we absolutely don't want any possibility of intrusion. — Reply to this email directly or view it on GitHub.
We are dropping this feature
configurable via [web]