toolmantim
commented
7 years ago @whit537 for now I've had to switch to a fork/branch that reverts #311: https://github.com/toolmantim/slackin/commits/revert-recaptcha
Closed toolmantim closed 6 years ago
toolmantim
commented
7 years ago @whit537 for now I've had to switch to a fork/branch that reverts #311: https://github.com/toolmantim/slackin/commits/revert-recaptcha
chadwhitacre
commented
7 years ago @toolmantim FYI I'm not a maintainer on this project and I don't plan to help with adding reCAPTCHA support to the badge version. See SlackOut for an explanation of the security risk you're taking by reverting #311 (we're not actually using SlackIn anymore because our Slack hasn't recovered from SlackOut yet). Good luck! :-)
toolmantim
commented
7 years ago @whit537 yep, understood. I just thought you might have some ideas/thoughts on how to unbreak things, seeing as you did the implementation?
My only suggestion is to remove the popup that opens when you click the badge, and instead link to the URL in a new tab/window.
chadwhitacre
commented
7 years ago seeing as you did the implementation?
I actually just cleaned up someone else's implementation. 😞
toolmantim
commented
6 years ago Having switched to slackin-extended, I'm closing this for now.
It appears that the reCAPTCHA support added in #311 ignored the badge/iframe version of slackin, and as it stands at the moment the badge version is unusable (see https://github.com/rauchg/slackin/pull/311#issuecomment-320101621). This is a problem for people wanting to update their Heroku apps because of the Node vulnerability.
This is a start at fixing it, but I'm not exactly sure how we can even support it in an iframe popup? For example: