Closed cameronperera closed 2 weeks ago
The latest updates on your projects. Learn more about Vercel for Git ↗︎
Name | Status | Preview | Comments | Updated (UTC) |
---|---|---|---|---|
boundary-ui | ✅ Ready (Inspect) | Visit Preview | 💬 Add feedback | Sep 13, 2024 5:47pm |
boundary-ui-desktop | ✅ Ready (Inspect) | Visit Preview | 💬 Add feedback | Sep 13, 2024 5:47pm |
Description
This is a fix for an issue found in a security audit. (see ticket for more details). ✅ Closes: https://hashicorp.atlassian.net/browse/ICU-13242
My thinking here is we cannot check the whole
href
as the port is dynamic. However, adding a:
at the end should prevent someone from using a clusterURL similar to these:http://localhost.somedomain.com/
,http://localhostdomain.com/
.Screenshots (if appropriate)
How to Test
Using the Desktop Client, authenticate using an OIDC auth-method and it should still be able to trigger opening a window in your browser if using
http://localhost:xxxx
.Checklist