Comments (5)
I dived quite deeply into this topic and learned a lot about what is really going on here. I have some solutions implemented with different security impacts. I am quite unsure about which way is planned for Hoppscotch.
My current suggestion:
Implement different auth for Windows and macOS
1.) macOS: use localStorage + JWT Bearer in Auth header. This could be considered to be safe, as in macOS WebKit the localStorage is partitioned and only accessible to the page that created the entry.
2.) Windows: use the new partitioned cookies as recommended by Google, as the localStorage will not be partitioned.
This is working seamlessly on my fork.
I would like to talk to someone about all this before creating a PR.
from hoppscotch.
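The two credential transports proposed in the comment above, as an added example (not code from the commenter's fork or from Hoppscotch): a Bearer header for macOS, a partitioned cookie for Windows, and a check of the attributes that cookie needs. The function names, the cookie name `__Host-hopp_session` and the sample values are assumptions made for illustration.

```javascript
// Added illustration; all names and sample values here are hypothetical.

// Parse one Set-Cookie header value into its name, value and attribute map.
function parseSetCookie(header) {
  const [pair, ...rest] = header.split(";").map((s) => s.trim());
  const eq = pair.indexOf("=");
  const cookie = { name: pair.slice(0, eq), value: pair.slice(eq + 1), attrs: {} };
  for (const a of rest.filter(Boolean)) {
    const i = a.indexOf("=");
    const key = (i === -1 ? a : a.slice(0, i)).toLowerCase();
    cookie.attrs[key] = i === -1 ? true : a.slice(i + 1);
  }
  return cookie;
}

// List what keeps a session cookie from working as a partitioned
// cookie sent from a webview to a backend on another site.
function checkPartitionedCookie(header) {
  const { name, attrs } = parseSetCookie(header);
  const problems = [];
  if (!attrs.partitioned) problems.push("missing Partitioned");
  if (!attrs.secure) problems.push("missing Secure (required with Partitioned)");
  if (String(attrs.samesite).toLowerCase() !== "none")
    problems.push("SameSite is not None, so the cookie is not sent cross-site");
  if (!attrs.httponly) problems.push("missing HttpOnly, token readable from script");
  if (name.startsWith("__Host-") && (attrs.path !== "/" || attrs.domain))
    problems.push("__Host- prefix needs Path=/ and no Domain");
  return problems;
}

// What each platform would carry under the proposal: the client's request
// header on macOS, the backend's Set-Cookie response header on Windows.
function authTransport(platform, token) {
  if (platform === "macos") return { headers: { Authorization: `Bearer ${token}` } };
  if (platform === "windows")
    return {
      setCookie: `__Host-hopp_session=${token}; Secure; HttpOnly; Path=/; SameSite=None; Partitioned`,
    };
  throw new Error(`no auth transport defined for ${platform}`);
}
```
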
Hi @mkohns, we're actively working on this issue. We expect it to be resolved by the end of the month with the upcoming release of our revamped desktop app.
from hoppscotch.
Hey, this sounds great. Do you have some more details on what will be revamped?
from hoppscotch.
@AndrewBastin will be able to give more insights on this.
from hoppscotch.
Hey @AndrewBastin nice to meet you!
Cool to hear that you are making revamping enhancements to the desktop app.
I also played around with the Tauri + backend to get JWT Bearer working instead of cookies for Mac.
Could you give me some hints about which major changes you are planning to make?
from hoppscotch.