-
Notifications
You must be signed in to change notification settings - Fork 195
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
feat: secure allowance creationby including protocol information #2930
base: master
Are you sure you want to change the base?
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
when we save new allowances, don't we there also need a change to save it with the protocol?
is there any other way we can create allowances? if we use providers to create one. we already store allowance host along with https prefix |
aah! yes you are right, we add allowances while confirmPayment + doing keysends as well. fixed |
This currently breaks the links on the connected sites pages. I think we should only add the warning and not change the allowance and the host usage for now. We can do this in a follow-up |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
let's only add the warning. the change in the allowance has some issues like for example the links to the site a broken.
let's do this in a follow-up PR.
resolved! + for existing connected sites when we have migrations running. they will not cause the problem |
migrate existing host in payments table
Describe the changes you have made in this PR
Include the fully qualified origin for allowances
Migrate existing allowances (prefix with https)
Potentially display a warning on the enable screen when connecting to non-ssl domains (MITM)
Link this PR to an issue [optional]
Fixes #2437
Type of change
(Remove other not matching type)
feat
: New feature (non-breaking change which adds functionality)Screenshots of the changes [optional]
How has this been tested?
create allowance on http site
Checklist