New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
allow frontend to be served statically #49
Conversation
Thanks. Add a CSP attribute to the
As mentioned in #36, the server can still store the cipher text forever, which enables all sorts of correlation attacks as it bides its time for quantum computers to go main stream and decrypt it all (: |
I haven’t merged this PR yet because it requires updates to the UI. I have been doing lots of refactoring in the UI, so I will pick this up when the UI refactors are done. |
faf2a2a
to
3bd3c3f
Compare
This is ready for review if you want. It's a pretty big PR. It prettymuch implements what we talked about. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Nice! (:
This implements a static frontend as suggested in #36.
background
Currently, the browser contains decrypted data and the encryption key. If the browser's JavaScript were modified to be malicious and a malicious server were created, it would be hard to detect.
this pr
This PR allows the backend to accept cross origin requests, and the frontend to be served statically on GitHub pages, Vercel, or a local static server, which can be manually built. The static page still routes the terminal traffic through a (potentially) untrusted server, but that is okay since the traffic is encrypted before going over the wire.
Changes