python-eel / Eel

A little Python library for making simple Electron-like HTML/JS GUI apps
MIT License
6.5k stars 592 forks source link

Security Tokens #380

Open bitnom opened 4 years ago

bitnom commented 4 years ago

Recommend adding a security feature to "start" such as secure=True|False which requires any client connecting on the bottle port to supply a randomly generated token to connect. We may not want other localhost applications to be able to make requests to the Eel app. The token could be sent to Eel by GET or POST and then added to a cookie.

perskes commented 5 months ago

I would really appreciate this too. It appears that eel uses bottle as webserver, and bottle at least supports a decorator for basic auth. I dont trust myself with implementing this in a tool (eel) I havent used a lot, but I would approach it if @ChrisKnott would give us their opinion. https://stackoverflow.com/a/52461939