Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix: allow site access to app.ynab.com #3068

Merged
merged 2 commits into from Mar 29, 2023
Merged

fix: allow site access to app.ynab.com #3068

merged 2 commits into from Mar 29, 2023

Conversation

punkstar
Copy link
Contributor

@punkstar punkstar commented Mar 28, 2023
edited

GitHub Issue (if applicable): #3067

Explanation of Bugfix/Feature/Modification:

It looks like YNAB have moved to app.ynab.com for the web version of the app at the moment. I can't see why this would be a temporary change, but I've kept the old hostnames in there just incase.

Fixes #3067 and #3066.

@pksublime
Copy link

The previous settings supported both SSL and unnecrypted, and used a wildcard instead of app. Does that same schema want to be used here as well?

@punkstar
Copy link
Contributor Author

@pksublime Good spot! I've added http and https variants and opened up to wildcard subdomains.

@justinswall
Copy link

Do we know for a fact that there are no subdomains that are used by API requests and that everything is off of the app subdomain? That's the only reason I can imagine they were doing wildcards to begin with. I believe in the principle of least privilege, but I'm also just curious as to what the original reasoning for the wildcard use was and want to make sure that limiting to the app subdomain doesn't introduce other problems.

I don't have the answers - just questions :)

@InsouciantQualms
Copy link

Well, there must be something else to it. I did enable developer mode, and loaded unpacked. Now, I see all four URLs in the extension site access settings. However, the Toolkit it self still did not operate. Will wait for the patch. Thank you to all the devs!

joshmadewell
joshmadewell approved these changes Mar 29, 2023
View reviewed changes
Copy link
Member

@joshmadewell joshmadewell left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

thanks! I think this is all we need but i will confirm

@joshmadewell joshmadewell merged commit 979c927 into toolkit-for-ynab:main Mar 29, 2023
2 checks passed
This was referenced Mar 29, 2023
Closed
Closed
@nzifnab nzifnab mentioned this pull request Mar 29, 2023
Closed
@punkstar punkstar deleted the support-app.ynab.com-domain branch March 29, 2023 08:39
@danguilherme
Copy link
Contributor

JFYI I had to re-enable the extension manually in chrome://extensions as it was disabled by Chrome for needing more permissions.

@navara
Copy link

navara commented Mar 29, 2023

YNAB confirmed to me over an email that the domain change is intentional and to stay.

HelloThisIsFlo pushed a commit to HelloThisIsFlo/toolkit-for-ynab that referenced this pull request Jun 13, 2023
@HelloThisIsFlo
fix: allow site access to app.ynab.com (toolkit-for-ynab#3068)
11034d7 
* fix: allow site access to app.ynab.com

* fix: ignore protocol, support subdomains
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@bzupnick bzupnick bzupnick approved these changes

@joshmadewell joshmadewell joshmadewell approved these changes

@aetrix622 aetrix622 aetrix622 approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Opened YNAB today - Toolkit disappeared
9 participants
@punkstar @pksublime @justinswall @InsouciantQualms @danguilherme @navara @bzupnick @joshmadewell @aetrix622