Closed thomas-senechal closed 2 weeks ago
This box is a big security issue => any provider can inject anything into the page while retaining the "hosted by massa" box ==> this is obviously dangerous for a mainnet launch + we should not force this pop-up on providers
Proposition: remove this box by default, allow providers to set their own box with an env config or something
Massa will have its own DeWeb box that fits branding + adds additional security layers ensuring that it is safe
Imo, we should provide a "secure" template that builders can customize depending on their needs.
@thomas-senechal @SlnPons wdyt?
I don't understand the issue TBH. As with any open source project you can self-host, anybody can modify the project source code and host it, so I'm not sure I understand the security issue on that side? There is a security concern with CSS and HTML manipulation of the popup, but I'm unsure it's "too risky".
Also, ATM, the popup is embedded into the binary, so there is no way to modify it except if you modify the code. So, literally the "big security issue" you raised
And this popup is something the foundation requested, mainly for the "immutability" part, but even if we don't have it now, it's something we still need, and if I'm not mistaken, it's something we already decided to keep (and change with a bar as specified in the issue), so I'm unsure this issue is the right place to discuss this subject.
Okay, no problem, I just wanted to raise these questions! I'll continue as planned :)
Context
The current pop-up does not follow current UI & UX web standards. Make sure it follows standards and also that it's consistent across all websites and CSS.
How to