Comments (5)
I dived quite deeply into this topic and learned a lot about what is really going on here. I have some solutions implemented with different security impacts. I am quite unsure about which way is planned for hoppscotch.
My current suggestion:
Implement different auth for Windows and macOS
1.) macOS: use localStorage + JWT Bearer in the Auth header. This could be considered to be safe, as in macOS WebKit the localStorage is partitioned and only accessible to the page that created the entry.
2.) Windows: use the new partitioned cookies as recommended by Google, as the localStorage will not be partitioned.
This is working seamlessly on my fork.
I would like to talk to someone about all this before creating a PR.
from hoppscotch.
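As an illustration of the partitioned-cookie option in the comment above (an added example, not code from the commenter's fork or from hoppscotch), the following audits a `Set-Cookie` header for the attributes a partitioned (CHIPS) auth cookie needs. It assumes the cookie has to be sent in a cross-site context; the cookie names, token values and function names are constructed for the example.

```javascript
// Added example: audit a Set-Cookie header value intended to carry an auth
// token as a partitioned (CHIPS) cookie. All sample values are constructed.
function parseSetCookie(header) {
  const [pair, ...attrs] = header.split(";").map((s) => s.trim());
  const eq = pair.indexOf("=");
  const cookie = { name: pair.slice(0, eq), value: pair.slice(eq + 1), attrs: {} };
  for (const a of attrs) {
    if (!a) continue;
    const i = a.indexOf("=");
    // Attribute names are case-insensitive; flag attributes are stored as true.
    const key = (i === -1 ? a : a.slice(0, i)).toLowerCase();
    cookie.attrs[key] = i === -1 ? true : a.slice(i + 1);
  }
  return cookie;
}

// Returns a list of problems; an empty list means the header passes the audit.
function auditPartitionedAuthCookie(header) {
  const { name, attrs } = parseSetCookie(header);
  const problems = [];
  if (!attrs.partitioned) problems.push("missing Partitioned");
  if (!attrs.secure) problems.push("missing Secure (required with Partitioned)");
  if (String(attrs.samesite).toLowerCase() !== "none")
    problems.push("SameSite is not None, cookie is not sent cross-site");
  if (!attrs.httponly) problems.push("missing HttpOnly, token readable by script");
  if (name.startsWith("__Host-")) {
    if (attrs.path !== "/") problems.push("__Host- prefix requires Path=/");
    if ("domain" in attrs) problems.push("__Host- prefix forbids Domain");
  }
  return problems;
}

// Constructed samples: a legacy-style cookie and a partitioned one.
const weakHeader =
  "access_token=eyJ.constructed.sample; Path=/; HttpOnly; SameSite=Lax";
const hardenedHeader =
  "__Host-access_token=eyJ.constructed.sample; Path=/; Secure; HttpOnly; SameSite=None; Partitioned";

console.log(auditPartitionedAuthCookie(weakHeader));
console.log(auditPartitionedAuthCookie(hardenedHeader));
```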
Hi @mkohns, we're actively working on this issue. We expect it to be resolved by the end of the month with the upcoming release of our revamped desktop app.
from hoppscotch.
Hey, this sounds great. Do you have some more details on what will be revamped?
from hoppscotch.
@AndrewBastin will be able to give more insights on this.
from hoppscotch.
Hey @AndrewBastin, nice to meet you!
Cool to hear that you are making revamping enhancements to the desktop app.
I also played around with Tauri + the backend to get JWT Bearer working instead of cookies for Mac.
Could you give me some hints on which major changes you are planning to make?
from hoppscotch.