superhero-com / superhero-wallet

Superhero is a multi-blockchain wallet to manage crypto assets and navigate the web3 and DeFi space. Currently supporting Bitcoin, Ethereum and æternity blockchains.
https://wallet.superhero.com
ISC License

Wallet shouldn't be openable over http #1979

Closed davidyuk closed 1 year ago

davidyuk commented 1 year ago

Describe the bug

Currently, Superhero Wallet can be opened over HTTP. In this case, a MITM can replace the JS payload, exposing sensitive data to third parties. Also, some modern web APIs do not work in unsecured contexts, which may produce unexpected errors.

To Reproduce

Steps to reproduce the behavior:

  1. Open "http://wallet.superhero.com" in Chrome

Expected behavior

The web server should constantly redirect HTTP requests to HTTPS, with no ability to open the wallet over HTTP.

mmpetarpeshev commented 1 year ago

It's deployed on gh pages, and it's required to enable the HTTPS redirect in the configuration.
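
A check for the expected behavior described in this issue, added here as an example (not code from the superhero-wallet project): it classifies the answer a server gives to a plain-HTTP request. The function names, verdict strings and sample responses are constructed for illustration.

```javascript
// Added example: classify the response to a plain-HTTP request for a page
// that must only ever be reachable over HTTPS (hypothetical helper names).
const REDIRECT_CODES = new Set([301, 302, 303, 307, 308]);

function classifyHttpProbe(requestedUrl, status, location) {
  const requested = new URL(requestedUrl);
  if (requested.protocol !== 'http:') {
    throw new Error('probe the http:// URL, not ' + requested.protocol);
  }
  // A 2xx answer means the page (and its JS) was delivered without TLS.
  if (status >= 200 && status < 300) return 'FAIL: content served over HTTP';
  if (!REDIRECT_CODES.has(status)) return 'WARN: no redirect to HTTPS (status ' + status + ')';
  if (!location) return 'FAIL: redirect without Location header';
  let target;
  try {
    target = new URL(location, requested); // Location may be relative
  } catch {
    return 'FAIL: unparsable Location header';
  }
  if (target.protocol !== 'https:') return 'FAIL: redirect stays on ' + target.protocol;
  if (target.hostname !== requested.hostname) {
    return 'WARN: redirect changes host to ' + target.hostname;
  }
  return 'OK: redirects to HTTPS';
}

// Live check for Node 18+ (global fetch); not called here so the example runs offline.
async function probe(url) {
  const res = await fetch(url, { redirect: 'manual' });
  return classifyHttpProbe(url, res.status, res.headers.get('location'));
}

// Constructed sample responses, not captured from the real server.
const SAMPLES = [
  { status: 200, location: null },                           // the reported bug
  { status: 301, location: 'https://wallet.superhero.com/' }, // the expected behavior
  { status: 302, location: '/index.html' },                  // relative: still HTTP
  { status: 301, location: 'https://example.invalid/' },     // leaves the origin
];

function runSamples() {
  return SAMPLES.map((s) => classifyHttpProbe('http://wallet.superhero.com/', s.status, s.location));
}

console.log(runSamples());
```
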