View Issue Details
ID | Project | Category | View Status | Date Submitted | Last Update |
---|---|---|---|---|---|
0005802 | GNUnet | rest service | public | 2019-07-11 16:50 | 2019-07-24 20:42 |
Reporter | schanzen | Assigned To | schanzen | ||
Priority | urgent | Severity | major | Reproducibility | have not tried |
Status | closed | Resolution | fixed | ||
Target Version | 0.11.6 | Fixed in Version | 0.11.6 | ||
Summary | 0005802: REST service should have some advanced CORS logic | ||||
Description | Currently, the REST server can be configured in a way that it echoes the Origin of an HTTP request in the CORS response. This is a security issue as any website is now able to call the GNUnet REST API from the browser. We should find a way to only allow special browsers and domains to be able to call the REST API and/or leverage the CORS enforcement of the browser. Intentionally blocking for 0.11.6 | ||||
Tags | No tags attached. | ||||
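
The origin-echo behaviour described in this report, beside an exact-match allowlist, as an added example (not GNUnet's code and not the fix that was committed). The function names and the listed origins are assumptions constructed for illustration.

```c
#include <stddef.h>
#include <string.h>

/* Constructed allowlist for illustration; these origins are assumptions,
   not values taken from GNUnet's configuration. */
static const char *const ALLOWED_ORIGINS[] = {
  "http://localhost:4200",
  "moz-extension://00000000-0000-0000-0000-000000000000",
};
#define N_ALLOWED (sizeof (ALLOWED_ORIGINS) / sizeof (ALLOWED_ORIGINS[0]))

/* The behaviour the report describes: whatever Origin the browser sent is
   echoed into Access-Control-Allow-Origin, so every website passes the
   browser's CORS check. */
const char *
cors_origin_reflect (const char *request_origin)
{
  return request_origin;
}

/* Hardened form: return a value for Access-Control-Allow-Origin only on an
   exact match of the full serialized origin (scheme, host and port).
   NULL means "send no CORS header", so the browser refuses the read.
   Prefix or substring matching is avoided on purpose: it would accept
   look-alike origins such as "http://localhost:4200.untrusted.example". */
const char *
cors_origin_allowlist (const char *request_origin)
{
  if (NULL == request_origin)
    return NULL;                  /* no Origin header: nothing to grant */
  for (size_t i = 0; i < N_ALLOWED; i++)
    if (0 == strcmp (request_origin, ALLOWED_ORIGINS[i]))
      return ALLOWED_ORIGINS[i];  /* emit our own constant, not the input */
  return NULL;
}
```

When the header value depends on the request's Origin, the response should also carry `Vary: Origin` so that a cache does not serve one origin's response to another.
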
Date Modified | Username | Field | Change |
---|---|---|---|
2019-07-11 16:50 | schanzen | New Issue | |
2019-07-11 16:50 | schanzen | Status | new => assigned |
2019-07-11 16:50 | schanzen | Assigned To | => schanzen |
2019-07-11 16:50 | schanzen | Assigned To | schanzen => |
2019-07-11 16:51 | schanzen | Target Version | => 0.11.6 |
2019-07-11 16:51 | schanzen | Description Updated | |
2019-07-11 18:32 | schanzen | Assigned To | => schanzen |
2019-07-11 18:32 | schanzen | Status | assigned => resolved |
2019-07-11 18:32 | schanzen | Resolution | open => fixed |
2019-07-11 18:32 | schanzen | Note Added: 0014667 | |
2019-07-24 20:41 | Christian Grothoff | Fixed in Version | => 0.11.6 |
2019-07-24 20:42 | Christian Grothoff | Status | resolved => closed |