-
-
Notifications
You must be signed in to change notification settings - Fork 1.6k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Docs Pro-Tips Whitelist possible flaw? #226
Comments
Yeah, you're right. :) I'll fix. |
I would close this issue as won't fix, because it can't be exploited for anything at all. And if someone as a script kiddie want to go around the check on his own client, well, just modify the whitelist instead of including stuff from other domains. |
Yeah, it doesn't really matter. It has nothing to do with authentication or anything like that. It's all backed by authentication on the server. This whitelist is just to block out noise from errors that you don't care about. -- On Fri, Aug 22, 2014 at 12:30 PM, Robin Andersson
|
* Simplify context methods to fall back on instance-global context * Fix setContext, add merging hierarchy w/tests * Simplify errorHandler middleware, call next immediately instead of waiting for capture * Deprecate setUser/Tags/ExtraContext * Rename/fix updateContext -> mergeContext
Includes the following fixes: - fix: remote CSS does not get rebuilt properly ([#226](getsentry/rrweb#226)) - fix(snapshot): Set <link> attributes to null for remote CSS ([#227](getsentry/rrweb#227)) - fix(snapshot): Change to ignore all link[rel="modulepreload"] ([#228](getsentry/rrweb#228))
Includes the following fixes: - fix: remote CSS does not get rebuilt properly ([#226](getsentry/rrweb#226)) - fix(snapshot): Set <link> attributes to null for remote CSS ([#227](getsentry/rrweb#227)) - fix(snapshot): Change to ignore all link[rel="modulepreload"] ([#228](getsentry/rrweb#228))
Includes the following fixes: - fix: remote CSS does not get rebuilt properly ([#226](getsentry/rrweb#226)) - fix(snapshot): Set <link> attributes to null for remote CSS ([#227](getsentry/rrweb#227)) - fix(snapshot): Change to ignore all link[rel="modulepreload"] ([#228](getsentry/rrweb#228))
http://raven-js.readthedocs.org/en/latest/tips/index.html
If it's parsed as regex, wouldn't the example whitelist also match yourexample.com, which could be registered by a completely different person?
The text was updated successfully, but these errors were encountered: