search

minshikshin / google-cast-sdk

Automatically exported from code.google.com/p/google-cast-sdk
0 stars 0 forks source link

Security: Insecure transfers to Google-Analytics #654

Open GoogleCodeExporter opened 9 years ago

GoogleCodeExporter commented 9 years ago 
What steps will reproduce the problem?

  Open Chrome with Google Cast extension installed.
  Observe: Data leaks out over HTTP. Screenshot: https://twitter.com/ericlaw/status/649439380625469440

What is the expected output? What do you see instead?

Expect HTTPS is used.

What version of the product are you using? On what operating system?
Google Cast 15.827.0.2

Please provide any additional information below.

The manifest.json file included in the extension appears to allow insecure 
transfers to Google-Analytics:

 "content_security_policy": "default-src 'self'; img-src 'self' https://www.google-analytics.com http://www.google-analytics.com;

Original issue reported on code.google.com by bay...@gmail.com on 1 Oct 2015 at 4:24

GoogleCodeExporter commented 9 years ago 
We are looking into the issue.

Original comment by jonathan...@google.com on 1 Oct 2015 at 6:32