🐞 Describe the bug
Someone today had a referrer from localhost:5173 when they called my website, leading my Ackee dashboard to showing me a prompt saying that ackee tries to access other applications on my computer. (Because it tried to load the favicon)
💡 Expected behavior
I thought my instance was hacked and spent half an hour trying to find the reason, if xss happened and what not. This could have been prevented by just checking that the domain is not localhost and the referrer is localhost, therefore the favicon.ico should not be loaded.
⚙️ Environment
- Installation: via docker compose
- Ackee version: 3.6.0
🐞 Describe the bug
Someone today had a referrer from localhost:5173 when they called my website, leading my Ackee dashboard to showing me a prompt saying that ackee tries to access other applications on my computer. (Because it tried to load the favicon)
💡 Expected behavior
I thought my instance was hacked and spent half an hour trying to find the reason, if xss happened and what not. This could have been prevented by just checking that the domain is not localhost and the referrer is localhost, therefore the favicon.ico should not be loaded.
⚙️ Environment