toeverything
Potential security breach of desktop app
What happened?
In the current workflow, a bad guy could make a fake electron app, register the same scheme like affine:// and intercept the user token.
Distribution version
macOS x64 (Intel)
What browsers are you seeing the problem on if you're using web version?
No response
Relevant log output
No response
Anything else?
No response
Are you willing to submit a PR?
- [ ] Yes I'd like to help by submitting a PR!
You good boy against the bad guy
Peng Xiao @.***>于2023年10月2日 周一01:33写道:
What happened?
In the current workflow, a bad guy could make a fake electron app, register the same scheme like affine:// and intercept the user token. Distribution version
macOS x64 (Intel) What browsers are you seeing the problem on if you're using web version?
No response Relevant log output
No response Anything else?
No response Are you willing to submit a PR?
- Yes I'd like to help by submitting a PR!
— Reply to this email directly, view it on GitHub https://github.com/toeverything/AFFiNE/issues/4557, or unsubscribe https://github.com/notifications/unsubscribe-auth/AS5AYR6CD2L4DQBCFWIREYTX5J37JANCNFSM6AAAAAA5PCIQ2U . You are receiving this because you are subscribed to this thread.Message ID: @.***>
Issue Status: 💡 Open
💡 Open
We want to implement the fix or feature in the near future. We can’t promise it will appear in the next public release, but it’s on our short list.
This is an automatic reply by the bot.
![affine-issue-bot[bot] avatar](https://avatars.githubusercontent.com/in/852626?v=4 "Published by a pub.dev verified publisher"){kind=small}
