New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
We should not use example.com
to check connectivity
#4639
Comments
Yes, I found the same thing and I'm curious if there are any security issues with it? |
Nah, we're using that to check if we're online (and discard the results), so even if you manage to intercept the traffic it won't do much. (And in that case you'd need to be able to generate a certificate that works, which implies you can intercept more interesting hosts…) |
This practice is triggering my Firewall because example.com is returning something unexpected from it's IP address which is on several blacklists. Is there really no other way to determine if the internet is reachable? For instance, you could use the same address that is used to check for updates if you must... at least that would be something expected. |
Why not change it to rancherdesktop.io or a file in a S3 bucket (the world has bigger problems when S3 goes down)? Happy to provide a PR if you wish. |
I've decided to use http://docs.rancherdesktop.io/. The URL is already used by help menus and buttons, so should ideally be already allowed in firewall and proxy rules. I didn't want to use the update checker URL because somebody might want to block it, to be extra-sure that the app doesn't auto-update. Also just pulling the HTTP redirect response and not the whole webpage. |
Actual Behavior
Currently, when we do the connectivity check, we contact
example.com
and expect a HTTP response. We should use something that's designed for this sort of workload, rather than spamming connections to a (itself ill-advised) page meant for an example.Steps to Reproduce
https://example.com
.Result
A connection to
https://example.com
every five seconds.Expected Behavior
Additional Information
rancher-desktop/pkg/rancher-desktop/main/diagnostics/connectedToInternet.ts
Line 35 in 9b2ad4a
Rancher Desktop Version
1.7.0-1270-g9b8bdee9
Rancher Desktop K8s Version
N/A
Which container engine are you using?
containerd (nerdctl)
What operating system are you using?
Windows
Operating System / Build Version
Windows 10 Pro 22H2 (Build 19045.2846)
What CPU architecture are you using?
x64
Linux only: what package format did you use to install Rancher Desktop?
None
Windows User Only
N/A
The text was updated successfully, but these errors were encountered: