This repository has been archived by the owner on Dec 11, 2019. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 974
restrict origins that brave app proccess can connect to #11889
Labels
Comments
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
we have CSPs that limit what the Brave main renderer process and what Brave about: pages can connect to, but there is currently nothing that limits the main app process. we should find a way to do this so that PRs like #11727 don't add arbitrary domain connections. also we should never connect to unencrypted origins in the main app process.
The text was updated successfully, but these errors were encountered: