Comments (5)
I dived quite deeply into this topic and learned a lot about what is really going on here. I have some solutions implemented with different security impacts. I am quite unsure about which way is planned for hoppscotch.
My current suggestion:
Implement different auth for Windows and macOS
1.) macOS: use localStorage + JWT Bearer in the Auth header. This could be considered to be safe, as in macOS WebKit the localStorage is partitioned and only accessible to the page that created the entry.
2.) Windows: use the new partitioned cookies as recommended by Google, as the localStorage will not be partitioned.
This is working seamlessly on my fork.
I would like to talk to someone about all this before creating a PR.
from hoppscotch.
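The partitioned-cookie option from the comment above, shown as an added example that is not part of the original thread or of Hoppscotch's code: a small audit of a `Set-Cookie` header for a session cookie meant to be partitioned (CHIPS). The function names and sample headers are hypothetical, and it assumes the desktop webview talks to the backend cross-site, which is why `SameSite=None` is checked.

```javascript
// Added example: function names and sample headers are constructed for illustration.

// Parse one Set-Cookie header value into { name, value, attrs }.
function parseSetCookie(header) {
  const [pair, ...rest] = header.split(";").map((p) => p.trim()).filter(Boolean);
  const eq = pair ? pair.indexOf("=") : -1;
  if (eq < 1) throw new Error("malformed cookie pair");
  const attrs = {};
  for (const part of rest) {
    const i = part.indexOf("=");
    const key = (i === -1 ? part : part.slice(0, i)).trim().toLowerCase();
    attrs[key] = i === -1 ? true : part.slice(i + 1).trim();
  }
  return { name: pair.slice(0, eq), value: pair.slice(eq + 1), attrs };
}

// Return the problems found in a session cookie that should be partitioned.
function auditPartitionedSessionCookie(header) {
  const { name, attrs } = parseSetCookie(header);
  const problems = [];
  if (!attrs.partitioned) problems.push("missing Partitioned");
  // Browsers reject a Partitioned cookie that is not also Secure.
  if (!attrs.secure) problems.push("missing Secure (required with Partitioned)");
  // Without HttpOnly the session token is readable by page script.
  if (!attrs.httponly) problems.push("missing HttpOnly");
  // Assumption: webview origin and backend are cross-site, so None is needed.
  if (String(attrs.samesite || "").toLowerCase() !== "none")
    problems.push("SameSite is not None");
  // __Host- cookies must have Path=/ and no Domain attribute.
  if (name.startsWith("__Host-") && (attrs.path !== "/" || "domain" in attrs))
    problems.push("__Host- prefix requires Path=/ and no Domain");
  return problems;
}

// Constructed sample headers.
const SAMPLE_GOOD =
  "__Host-session=abc123; Path=/; Secure; HttpOnly; SameSite=None; Partitioned";
const SAMPLE_WEAK = "session=abc123; Path=/; SameSite=Lax";

console.log(auditPartitionedSessionCookie(SAMPLE_GOOD)); // no problems
console.log(auditPartitionedSessionCookie(SAMPLE_WEAK)); // four problems
```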
Hi @mkohns, we're actively working on this issue. We expect it to be resolved by the end of the month with the upcoming release of our revamped desktop app.
from hoppscotch.
Hey, this sounds great. Do you have some more details on what will be revamped?
from hoppscotch.
@AndrewBastin will be able to give more insights on this.
from hoppscotch.
Hey @AndrewBastin, nice to meet you!
Cool to hear that you are making revamping enhancements to the desktop app.
I also played around with the Tauri + backend to get JWT Bearer working instead of cookies for Mac.
Could you give me some hints on which major changes you are planning to do?
from hoppscotch.