Extension leaking local asset requests to remote servers? #219
Comments
Hi @parseword, thank you for taking the time to leave a comment and for reporting this. I immediately forwarded it to the team, so they can take a look.
Hi again, I just wanted to follow up with you regarding this. Our Devs have advised that this is actually intended behavior as these assets are public and the integration makes GET requests to retrieve them.
Same issue on our servers, a visitor with this browser extension is doing GET requests to our servers. These assets may be public, but our servers don't have those resources, so I don't understand why the extension is making those requests. Maybe you should find another way to integrate Clockify with whatever it's trying to integrate. Thanks.
Hi both, I just wanted to let you know that I have forwarded this to our Devs once more so they will be looking at this deeper.
Hi all, please note that the team has released the new version of the Clockify browser extension with the update for leaking assets. Hope this helps. Feel free to reach back if you notice anything else. Cheers!
Hi,
While reviewing the error logs for a website I maintain, I recently encountered a batch of unusual requests from a visitor:
I Googled for some of the filenames and found this repo. Based on the above log entries, it seems like your extension may be "leaking" requests meant for its own bundled image assets, and is instead making those requests to remote web servers. (Perhaps that's the intended behavior, I'm not familiar with Clockify or how it works.)
Since I'm on the receiving end, all I can offer is the list of requests, and the user-agent that points to Chrome 106 on Linux. Hope this is useful in tracking down any issue that might exist.