-
Notifications
You must be signed in to change notification settings - Fork 893
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[Security] Mitigate DNS rebinding flaw #3046
Conversation
The commit that we're pinning to now is here: brave/webtorrent@423f1fa |
8feb18f
to
8936a16
Compare
Forgot to update |
I'm getting a travis failure that I'm not sure is my fault. Any ideas?
|
8936a16
to
83be041
Compare
As I shared through DM, this might be fixed if you remove node_modules and reinstall. |
Yep, thanks. That was the fix. Looks like npm gets confused by the fact that we're pinning to the forks of This annoyance should hopefully be fixed by: brave/brave-browser#856 |
Fix: brave/brave-browser#5460
Submitter Checklist:
npm run lint
)git rebase master
(if needed).git rebase -i
to squash commits (if needed).Test Plan:
cat <(echo -en 'GET / HTTP/1.1\r\nHost: attacker.com\r\n\r\n') - | nc localhost 58630
. Note: be sure to replace58630
in the command with the actual port number you observed in Step 4.Reviewer Checklist:
After-merge Checklist:
changes has landed on.