Closed Raz-Hemo closed 2 years ago
It is used so that ficsit.app can check if SMM is installed to show the install button, which installs the mod using SMM. It will also be used at some point for ficsit.app querying the installed mods to display that.
And that doesn't change anything about it being a potential security risk. How is it protected from malicious connections? Just for that functionality, it should offer a way to simply disable it. I would honestly be more willing to install a browser plugin for that, instead of having an open socket.
You can add deep link support to SMM and use them in ficsit.app, that's the correct and safer way to do it.
https://shipshape.io/blog/launch-electron-app-from-browser-custom-protocol/ for details
The issue is not the passing of data from the site to the app (which is already used), but to detect whether the app is open.
How do you propose some malicious payload can be sent through this method of a simple ping-response port?
The websocket now only listens on localhost, so the port is not open, tripping the Windows firewall.
https://github.com/satisfactorymodding/SatisfactoryModManager/blob/7380f8a9b3119ffdd8be3d35317dc265e5dfa9cb/src/main/index.js#L254-L259
This seems to be unused at the moment, and I think it's preferable for security reasons to delete this - am I missing something?
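Binding to localhost, as a comment in this thread describes, keeps other machines off the port, but a page loaded in the local browser can still open a WebSocket to it, so the handshake is where the "malicious connections" question gets answered. The following is an added example (not SatisfactoryModManager's code) of such a handshake check in Node.js; the port number, the `https://ficsit.app` allowlist and the names `checkUpgrade` and `attach` are assumptions.

```javascript
// Added example: handshake policy for a localhost-only "is the app running?" socket.
// PORT, the allowlist and all function names are assumptions, not SMM's own values.
const PORT = 33642; // hypothetical port
const ALLOWED_ORIGINS = new Set(['https://ficsit.app']);
const LOOPBACK_PEERS = new Set(['127.0.0.1', '::1', '::ffff:127.0.0.1']);
const EXPECTED_HOSTS = new Set([`localhost:${PORT}`, `127.0.0.1:${PORT}`]);

// Decide whether an HTTP upgrade request may become a WebSocket.
// `headers` uses lower-cased keys, as Node's req.headers does.
function checkUpgrade(remoteAddress, headers) {
  // Defence in depth in case the listener is ever bound to 0.0.0.0 by mistake.
  if (!LOOPBACK_PEERS.has(remoteAddress)) return { ok: false, reason: 'non-loopback peer' };
  // Host must name the loopback listener; a hostname re-pointed at 127.0.0.1
  // (DNS rebinding) still carries its own name here and is refused.
  if (!EXPECTED_HOSTS.has((headers.host || '').toLowerCase())) {
    return { ok: false, reason: 'unexpected Host' };
  }
  // Browsers always send Origin on a WebSocket handshake, so require it.
  if (!headers.origin) return { ok: false, reason: 'missing Origin' };
  let origin;
  try {
    origin = new URL(headers.origin).origin; // normalises case and default port
  } catch {
    return { ok: false, reason: 'malformed Origin' }; // includes the literal "null"
  }
  // Exact match only: prefix or suffix matching would admit look-alike hosts.
  if (!ALLOWED_ORIGINS.has(origin)) return { ok: false, reason: 'origin not allowed' };
  return { ok: true, reason: 'allowed' };
}

// Refuse at the HTTP layer, before any WebSocket frame is parsed.
// `server` is a Node http.Server listening on 127.0.0.1; `onAccept` is a
// hypothetical hook that hands the socket to whichever WebSocket library is used.
function attach(server, onAccept) {
  server.on('upgrade', (req, socket, head) => {
    const verdict = checkUpgrade(req.socket.remoteAddress, req.headers);
    if (!verdict.ok) {
      socket.end('HTTP/1.1 403 Forbidden\r\nConnection: close\r\n\r\n');
      return;
    }
    onAccept(req, socket, head);
  });
}
```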