Skip to content
This repository has been archived by the owner on Dec 11, 2019. It is now read-only.

restrict origins that brave app proccess can connect to #11889

Closed
diracdeltas opened this issue Nov 9, 2017 · 2 comments
Closed

restrict origins that brave app proccess can connect to #11889

diracdeltas opened this issue Nov 9, 2017 · 2 comments
Assignees
@diracdeltas @jumde
Labels
open-in-brave-core privacy security

Comments

@diracdeltas
Copy link
Member

we have CSPs that limit what the Brave main renderer process and what Brave about: pages can connect to, but there is currently nothing that limits the main app process. we should find a way to do this so that PRs like #11727 don't add arbitrary domain connections. also we should never connect to unencrypted origins in the main app process.
@diracdeltas diracdeltas self-assigned this Nov 9, 2017
@diracdeltas diracdeltas mentioned this issue Nov 11, 2017
Merged
8 tasks
@diracdeltas diracdeltas removed their assignment Nov 21, 2017
@bsclifton bsclifton added this to the Triage Backlog milestone Nov 27, 2017
@diracdeltas
Copy link
Member Author

cc @jumde since #12190 and this issue both require figuring out what origins Brave is actually connecting to

@diracdeltas diracdeltas mentioned this issue Dec 12, 2017
Closed
@jumde jumde self-assigned this Dec 27, 2017
@diracdeltas diracdeltas mentioned this issue Jan 30, 2018
Closed
@diracdeltas diracdeltas self-assigned this Feb 1, 2018
@diracdeltas diracdeltas mentioned this issue Feb 13, 2018
Merged
10 tasks
@tildelowengrimm tildelowengrimm mentioned this issue Apr 17, 2018
Closed
@tildelowengrimm
Copy link

Closed in favor of brave/brave-browser#163 .

@bsclifton bsclifton removed this from the Triage Backlog milestone Jun 18, 2018
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees

@diracdeltas diracdeltas

@jumde jumde

Labels
open-in-brave-core privacy security
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@diracdeltas @tildelowengrimm @jumde @bsclifton