xmrdotgift / wallet

A non-custodial Monero wallet that runs in the browser.
https://xmr.gift/wallet
MIT License
8 stars, 3 forks

Use the fragment to store query params to prevent information leaks #8

Closed onionltd closed 2 years ago

onionltd commented 2 years ago

The fragment is used to store a wallet seed. The rest of the wallet params are sent as query params. This dichotomy makes the URL unnecessarily complex and leaks some information to the server, which could be used to identify wallet users.
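
The distinction this issue relies on, as an added example that is not part of the original issue or the project's code: a browser sends the path and query string to the server but never the fragment. The parameter names `height` and `label`, the seed placeholder, and the `seed=` key-value fragment layout are assumptions, not the wallet's actual URL format.

```javascript
// Constructed sample URL. The host is from the page; the parameter names
// (height, label) and the seed value are hypothetical placeholders.
const SAMPLE =
  "https://xmr.gift/wallet?height=2500000&label=donation#SEED_PLACEHOLDER";

// What the server receives in the HTTP request line (and typically writes
// to its access log): path plus query string. The fragment is not sent.
function requestTarget(href) {
  const u = new URL(href);
  return u.pathname + u.search;
}

// Move every query parameter into the fragment, next to the seed.
// Assumption: an existing fragment without "=" is the bare seed.
function moveParamsToFragment(href) {
  const u = new URL(href);
  const frag = new URLSearchParams();
  const existing = u.hash.slice(1);
  if (existing.includes("=")) {
    for (const [k, v] of new URLSearchParams(existing)) frag.set(k, v);
  } else if (existing) {
    frag.set("seed", existing);
  }
  for (const [k, v] of u.searchParams) {
    if (!frag.has(k)) frag.set(k, v); // fragment values win on conflict
  }
  u.search = ""; // nothing wallet-related is left in the request
  u.hash = frag.toString();
  return u.toString();
}

// Client-side read of all wallet parameters from the fragment only.
function parseFragment(href) {
  const hash = new URL(href).hash.slice(1);
  return Object.fromEntries(new URLSearchParams(hash));
}

const migrated = moveParamsToFragment(SAMPLE);
console.log("before:", requestTarget(SAMPLE));
console.log("after: ", requestTarget(migrated));
console.log("client:", parseFragment(migrated));
```
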