Closed walmat closed 5 years ago
Here's the checklist
I'm looking over the changes in issue_61 and there have been a lot of updates since we last worked on this branch. I think we should start fresh since that branch is pretty stale.
I agree
Think about a strategy to prevent applications like Charles/MitMProxy/etc. from logging out our requests.
Looks like 3. (Enable Context Isolation) isn't possible for us at the moment. The description for enabling it is misleading because while the preload script does have read access to the window from the browser, it cannot write anything. This means that we can't attach our window.Bridge API to the browser. Instead it gets set within the preload script's context, while the browser's window.Bridge remains undefined.
I'm not sure if there is a good way around this, we might have to think about different methods of enabling IPC communication in the future if we do want to enable context isolation.
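For the window.Bridge attachment discussed in the comment above, Electron's contextBridge module can copy a preload-defined API into the page's world while context isolation stays on. This is an added example, not Nebula's code or part of the original thread; the channel names and Bridge methods are hypothetical.

```javascript
// Added example: preload script for a window created with contextIsolation: true.
// Channel names and Bridge method names are hypothetical, not Nebula's.
const SEND_CHANNELS = new Set(['window:close', 'task:start']);
const RECEIVE_CHANNELS = new Set(['task:status']);

// Build the API from an injected ipcRenderer so it can be exercised outside Electron.
function buildBridge(ipcRenderer) {
  return {
    send(channel, payload) {
      // Allowlist: the page cannot reach arbitrary main-process handlers.
      if (!SEND_CHANNELS.has(channel)) {
        throw new Error(`blocked send channel: ${channel}`);
      }
      ipcRenderer.send(channel, payload);
    },
    on(channel, listener) {
      if (!RECEIVE_CHANNELS.has(channel)) {
        throw new Error(`blocked receive channel: ${channel}`);
      }
      // Drop the IpcRendererEvent so the page never gets a handle on event.sender.
      const wrapped = (_event, ...args) => listener(...args);
      ipcRenderer.on(channel, wrapped);
      // Return an unsubscribe function instead of exposing removeListener.
      return () => ipcRenderer.removeListener(channel, wrapped);
    },
  };
}

// With isolation on, `window.Bridge = ...` in the preload only sets the preload's
// own copy of window; exposeInMainWorld copies the API into the page's world.
function exposeBridge(contextBridge, ipcRenderer) {
  contextBridge.exposeInMainWorld('Bridge', buildBridge(ipcRenderer));
}

// Only runs inside Electron; under plain Node this file just defines the functions.
if (process.versions.electron) {
  const { contextBridge, ipcRenderer } = require('electron');
  exposeBridge(contextBridge, ipcRenderer);
}
```

The page then calls `window.Bridge.send(...)` and `window.Bridge.on(...)` without ever receiving `ipcRenderer` itself.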
> Looks like 3. (Enable Context Isolation) isn't possible for us at the moment. The description for enabling it is misleading because while the preload script does have read access to the window from the browser, it cannot write anything. This means that we can't attach our window.Bridge API to the browser. Instead it gets set within the preload script's context, while the browser's window.Bridge remains undefined. ...
@pr1sm okay honestly that’s fine. I don’t know how important context isolation is in our case
If you've been developing and noticing a few security warnings in the console, that's because there are a few current flaws in Nebula's shell.
I think when everything is squared away, or maybe before, idk, we should run through these steps to ensure total security when a user runs our application.