Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Enhancement] If using client mode, do not send peers from another ws-domain #269

Open
schlagmichdoch opened this issue Feb 13, 2024 · 0 comments · May be fixed by #267
Open

[Enhancement] If using client mode, do not send peers from another ws-domain #269

schlagmichdoch opened this issue Feb 13, 2024 · 0 comments · May be fixed by #267
Labels
bug Something isn't working security under development

Comments

@schlagmichdoch
Copy link
Owner

Describe the bug
Currently, peer secrets are saved in one database without specifying the websocket domain they are used with. This is not a problem for normal operation, as the IndexedDB databases are specific to each domain.

Expected behavior
To prevent sending secrets not created by the websockets specified via the client mode, we should add an entry ws-domain to the table and save the currently used websocket domain to it. Then, when connecting to a websocket, only those peer secrets belonging to the ws-domain or rather always only get those room secrets that belong to the websocket domain via the PersistentStorage class.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working security under development
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

WIP: Release Next Major Version v2.0.0 schlagmichdoch/PairDrop
1 participant
@schlagmichdoch