Secure Branch Key in Web SDK #660

Open
idalv opened this issue Oct 11, 2019 · 1 comment

idalv commented Oct 11, 2019

According to the documentation the only way to use the Web SDK is to call init and pass the Branch key when doing the call. Doing that makes the key accessible by the web clients. And since I could not find any other validation - like white-listing the domains or anything else - one could easily take the key and at least:

  1. use $desktop_url when creating a link with .link (I tried that) or any other $xxx_url to navigate to his/her or any random site.
  2. And if this is not very worthy, he/she could just generate a lot of MAUs and bump the key owner's bill.

I just started looking at the Branch service yesterday so probably I am missing something? However the first use case can be easily tried with the key from your sample app on https://cdn.branch.io/
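
As an added example (not part of the original issue and not Branch code): a defensive audit that flags `$xxx_url` values in link data that point outside an allowlist of the key owner's domains. `ALLOWED_HOSTS`, `hostAllowed`, `auditLinkData`, the use of `$fallback_url` as a second key matching the pattern, and the sample link data are assumptions constructed for illustration.

```javascript
// Added example: flag $xxx_url link parameters that point off an allowlist.
// ALLOWED_HOSTS and the sample link data are constructed assumptions.
const ALLOWED_HOSTS = ['example.com'];

// True when host is an allowed domain or a subdomain of one.
// The leading dot in the suffix check keeps notexample.com from matching.
function hostAllowed(host, allowed = ALLOWED_HOSTS) {
  const h = host.toLowerCase().replace(/\.$/, '');
  return allowed.some((d) => h === d || h.endsWith('.' + d));
}

// Returns [{ key, value, reason }] for every redirect-style key that fails.
function auditLinkData(data, allowed = ALLOWED_HOSTS) {
  const findings = [];
  for (const [key, value] of Object.entries(data)) {
    if (!/^\$\w+_url$/.test(key)) continue; // only $desktop_url-style keys
    let url;
    try {
      url = new URL(String(value));
    } catch {
      findings.push({ key, value, reason: 'not an absolute URL' });
      continue;
    }
    if (url.protocol !== 'https:') {
      findings.push({ key, value, reason: 'scheme ' + url.protocol });
    } else if (url.username || url.password) {
      // "https://example.com@other.test/" shows a trusted name before the @
      findings.push({ key, value, reason: 'userinfo in URL' });
    } else if (!hostAllowed(url.hostname, allowed)) {
      findings.push({ key, value, reason: 'host ' + url.hostname });
    }
  }
  return findings;
}

// Constructed sample link data.
const samples = [
  { $desktop_url: 'https://www.example.com/promo', campaign: 'a' },
  { $desktop_url: 'https://example.com.other.test/login' },
  { $fallback_url: 'https://example.com@other.test/' },
  { $desktop_url: 'https://notexample.com/' },
];
const report = samples.map((s) => auditLinkData(s));
console.log(JSON.stringify(report, null, 2));
```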

@Walidhossain010

what do you mean by MAUS?
