Docs Pro-Tips Whitelist possible flaw? #226

Closed
jurkan opened this issue Jul 11, 2014 · 3 comments

Comments

@jurkan

jurkan commented Jul 11, 2014

http://raven-js.readthedocs.org/en/latest/tips/index.html

If it's parsed as regex, wouldn't the example whitelist also match yourexample.com, which could be registered by a completely different person?

@mattrobenolt
Contributor

Yeah, you're right. :) I'll fix.

@robinwassen
Contributor

I would close this issue as won't fix, because it can't be exploited for anything at all.

And if someone as a script kiddie wants to go around the check on his own client, well, just modify the whitelist instead of including stuff from other domains.

@mattrobenolt
Contributor

Yeah, it doesn't really matter. It has nothing to do with authentication or anything like that. It's all backed by authentication on the server. This whitelist is just to block out noise from errors that you don't care about.
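
The match raised in this issue, reproduced as an added example that is not part of the thread or of the Raven.js docs. The patterns, the `hostPattern` and `report` helpers and the sample URLs are constructed for illustration, and it assumes each whitelist entry is a RegExp tested unanchored against the URL of the script that raised the error.

```javascript
// Constructed example: a loose whitelist entry next to an anchored one.
// Assumption: entries are RegExps tested against the full script URL.

// Loose entry: matches "example.com" anywhere in the URL string.
const loose = /example\.com/;

// Build an anchored entry for a host: scheme, optional subdomains, the host
// itself, then an optional port followed by "/" or the end of the string.
function hostPattern(host) {
  // Escape regex metacharacters so "." in the host matches a literal dot.
  const escaped = host.replace(/[.*+?^${}()|[\]\\]/g, '\\$&');
  return new RegExp(
    '^https?://([a-z0-9-]+\\.)*' + escaped + '(:\\d+)?(/|$)', 'i');
}

// True when any whitelist entry matches the URL.
function allowed(patterns, url) {
  return patterns.some((re) => re.test(url));
}

// Constructed sample script URLs.
const samples = [
  'https://example.com/static/app.js',      // the intended host
  'https://cdn.example.com/lib.js',         // a subdomain of it
  'https://yourexample.com/widget.js',      // different registrable domain
  'https://example.com.other.test/app.js',  // example.com as a leading label
  'https://other.test/?ref=example.com',    // example.com in the query string
];

// One boolean per sample, in order.
function report(patterns) {
  return samples.map((url) => allowed(patterns, url));
}

console.log('loose :', report([loose]));
console.log('strict:', report([hostPattern('example.com')]));
```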

matghaleb pushed a commit to matghaleb/raven-js that referenced this issue Sep 9, 2015
kamilogorek pushed a commit that referenced this issue Jun 12, 2018
* Simplify context methods to fall back on instance-global context

* Fix setContext, add merging hierarchy w/tests

* Simplify errorHandler middleware, call next immediately instead of waiting for capture

* Deprecate setUser/Tags/ExtraContext

* Rename/fix updateContext -> mergeContext
billyvg added a commit that referenced this issue Dec 12, 2024
Includes the following fixes:

- fix: remote CSS does not get rebuilt properly ([#226](getsentry/rrweb#226))
- fix(snapshot): Set <link> attributes to null for remote CSS ([#227](getsentry/rrweb#227))
- fix(snapshot): Change to ignore all link[rel="modulepreload"] ([#228](getsentry/rrweb#228))