Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

review websockets layer security #2471

Closed
totaam opened this issue Nov 3, 2019 · 1 comment
Closed

review websockets layer security #2471

totaam opened this issue Nov 3, 2019 · 1 comment
Labels
v3.0.x

Comments

@totaam
Copy link
Collaborator

totaam commented Nov 3, 2019
edited
Loading

What’s wrong with WebSocket APIs? Unveiling vulnerabilities in WebSocket APIs

Takeaways:
@totaam
Copy link
Collaborator Author

totaam commented Oct 17, 2020
edited
Loading

The origin header is trivial to modify, so not worth checking.

The rest doesn't apply to us: we handle the websocket layer directly so it can't be misused to access other services, we have our own authentication modules already, and tighter restrictions can be added using firewall / proxies..

@totaam totaam closed this as completed Oct 17, 2020
@totaam totaam added the v3.0.x label Jan 22, 2021
@totaam totaam mentioned this issue Apr 25, 2021
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
v3.0.x
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@totaam