Open smokris opened 6 months ago
I second this, GET should not be destructive, so there should be a kind of confirmation to prevent issues with preview fetchers, link checkers in mails and such.
Snappass does it similar: https://github.com/pinterest/snappass
I like the file upload and seperated decryption key features, but i'll stick with snappass for now, because i can see issues for users that have their shared content randomly deleted.
When we enable "One-time download" and send a Yopass "One-click link" by email, sometimes the recipient sees "Secret does not exist" instead of the actual secret message.
I believe this is because the recipient is using an email service that automatically visits all links in the email to scan them for malware — when the email service automatically visits the Yopass one-click link, it causes the secret to self-destruct before the recipient can actually see it.
To work around this, when viewing a one-click link, Yopass could show an in-page confirmation dialog before revealing (and self-destructing) the secret message:
Details
> **Show the secret message now?** > > The secret message will be automatically deleted after you view it, so make sure you're ready to use its content. > > **[Show the message]** [Not yet]