New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
fix: allow site access to app.ynab.com #3068
fix: allow site access to app.ynab.com #3068
Conversation
The previous settings supported both SSL and unnecrypted, and used a wildcard instead of app. Does that same schema want to be used here as well? |
@pksublime Good spot! I've added http and https variants and opened up to wildcard subdomains. |
Do we know for a fact that there are no subdomains that are used by API requests and that everything is off of the app subdomain? That's the only reason I can imagine they were doing wildcards to begin with. I believe in the principle of least privilege, but I'm also just curious as to what the original reasoning for the wildcard use was and want to make sure that limiting to the app subdomain doesn't introduce other problems. I don't have the answers - just questions :) |
Well, there must be something else to it. I did enable developer mode, and loaded unpacked. Now, I see all four URLs in the extension site access settings. However, the Toolkit it self still did not operate. Will wait for the patch. Thank you to all the devs! |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
thanks! I think this is all we need but i will confirm
JFYI I had to re-enable the extension manually in |
YNAB confirmed to me over an email that the domain change is intentional and to stay. |
* fix: allow site access to app.ynab.com * fix: ignore protocol, support subdomains
GitHub Issue (if applicable): #3067
Explanation of Bugfix/Feature/Modification:
It looks like YNAB have moved to app.ynab.com for the web version of the app at the moment. I can't see why this would be a temporary change, but I've kept the old hostnames in there just incase.
Fixes #3067 and #3066.