Comments (3)
@KhaosT Thank you for your contribution! I looked into this and found some things to consider here.
If we only check the manifest.json, in theory everyone could generate any Apple Wallet pass. A modified trademark of the pass is prohibited by Apple and could lead to the revocation of my Apple Developer Certificate. See this excerpt from the Apple Developer Agreement.
To preserve the trademark, I suggest checking against the icon/logo hash on the server side. In order to preserve other static content of the pass, we would have to modify the structure of the pkpass file in some way, e.g. by adding a JSON file of which we again check the hash on the server.
Another concern is that we do not verify the validity of the created vaccination certificate at the moment. This is something we would also have to do on the server and need the QR Code data for, I believe. See this issue.
The best compromise would be to have the user opt in to validate the pass. In this case, the data would be sent to the server for validation and pass generation. If they opt out, however, we would generate the pass in the browser and only check against the trademark and some static content if possible (e.g. a visible hint that the certificate may be invalid).
I am looking forward to your and the others' ideas on this.
from covidpass.
To preserve the trademark, I suggest checking against the icon/logo hash on the server side.
I pushed it in this configuration now.
from covidpass.
Hi,
we transitioned the frontend to the new API written in C#.
The frontend generates the whole pass and only sends the hashed pass.json to the server. This also includes the information about color because the icon hashes are different (either black or white icons).
from covidpass.
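A sketch of the server-side check the thread settles on, as an added example that is not the project's own code: before signing, the server compares the icon/logo entries of the submitted manifest against known hashes for the black or the white icon set. It assumes the manifest maps file names to SHA-1 hex digests, as in the pkpass format; `validateManifest`, `TRUSTED_ASSETS` and all hash values are hypothetical.

```javascript
// Added example. Every hash below is a constructed placeholder, not a real asset hash.
const SHA1_HEX = /^[0-9a-f]{40}$/;
const fake = (c) => c.repeat(40); // builds a 40-character hex-looking placeholder

// Hypothetical allowlist: one set of trademark asset hashes per icon colour.
const TRUSTED_ASSETS = {
  white: { "icon.png": fake("a"), "icon@2x.png": fake("b"), "logo.png": fake("c"), "logo@2x.png": fake("d") },
  black: { "icon.png": fake("1"), "icon@2x.png": fake("2"), "logo.png": fake("3"), "logo@2x.png": fake("4") },
};
const ASSET_NAMES = Object.keys(TRUSTED_ASSETS.white);
const ALLOWED_FILES = new Set([...ASSET_NAMES, "pass.json"]);

// Decide whether a client-submitted manifest may be signed.
function validateManifest(manifest) {
  if (manifest === null || typeof manifest !== "object" || Array.isArray(manifest)) {
    return { ok: false, reason: "manifest must be a JSON object" };
  }
  for (const [name, digest] of Object.entries(manifest)) {
    // Reject extra files so nothing unvetted ends up under the signature.
    if (!ALLOWED_FILES.has(name)) return { ok: false, reason: `unexpected file: ${name}` };
    if (typeof digest !== "string" || !SHA1_HEX.test(digest)) {
      return { ok: false, reason: `malformed hash: ${name}` };
    }
  }
  if (!Object.prototype.hasOwnProperty.call(manifest, "pass.json")) {
    return { ok: false, reason: "missing pass.json" };
  }
  // All four assets must come from the same colour set; a mix is rejected.
  const theme = Object.keys(TRUSTED_ASSETS).find((t) =>
    ASSET_NAMES.every((n) => manifest[n] === TRUSTED_ASSETS[t][n]));
  if (!theme) return { ok: false, reason: "trademark assets do not match a trusted set" };
  // The pass.json digest is opaque here: this check says nothing about its content.
  return { ok: true, theme };
}

// Constructed sample submissions.
const goodBlack = { ...TRUSTED_ASSETS.black, "pass.json": fake("e") };
const swappedLogo = { ...goodBlack, "logo.png": fake("f") };
const mixedColours = { ...goodBlack, "icon.png": TRUSTED_ASSETS.white["icon.png"] };
const extraFile = { ...goodBlack, "strip.png": fake("9") };

for (const [label, m] of Object.entries({ goodBlack, swappedLogo, mixedColours, extraFile })) {
  console.log(label, JSON.stringify(validateManifest(m)));
}
```

Because only the digest of pass.json reaches the server, this check protects the trademark assets but cannot validate the certificate data itself, which is the concern raised in the first comment.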