Greg Cochard

> even if it is a request over SSL, it doesn't secure the data passed via GET @kaosdynamics This is completely untrue. GET queries are still encrypted in a TLS...

If you are using https, then nobody should be able to MITM the connection. if they do MITM, the secret will be compromised.

I just checked and API Gateway doesn't listen on port 80, and the FAQ states that API Gateway [doesn't support unencrypted endpoints](https://aws.amazon.com/api-gateway/faqs/#:~:text=Amazon%20API%20Gateway%20does%20not%20support%20unencrypted). One way to do this would be to...

A very simple workaround for this is to modify the lambda handler function to set `event['headers']['X-Forwarded-Proto'] = 'https'` and/or `event['multiValueHeaders']['X-Forwarded-Proto'] = 'https'` immediately before calling `serverless_wsgi.handle_request`.

@benrondeau make sure to build the extension with `npm run build` before trying to load it if you haven't already done that.

I just saw this yesterday: the bot repeatedly updated its offer subtracting 100 stroops every iteration for quite a while until I caught it. In a slow market, this just...

Re: #7 It looks like this might fix the issue and not introduce any regressions. It may also fix #4 but I'm not sure. Both are definitely related to the...

Thanks for the bug report, a minimal code example would be great! If you have a pull request that would be even better! If not, I can probably take a...

A hardware backed rsa, ecdsa or ed25519 key should be easy to implement as long as the yubikey can generate the public key in standard openssh format. You can send...

I modified [viasat/alohomora](https://github.com/Viasat/alohomora) to [add support for U2F](https://github.com/Viasat/alohomora/pull/28) using the python-libu2f-host library. Perhaps my modifications can be a building block for this library? The auth API still needs to add...