Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

V2 features/proxy to external server #3463

Merged
merged 6 commits into from May 8, 2024
Merged

V2 features/proxy to external server #3463

merged 6 commits into from May 8, 2024

Conversation

leaanthony
Copy link
Member

Description

Added support for proxying to an external server for assets. Currently supported by Mac and Windows. Linux YMMV depending on what version of webkit2gtk is installed.

@semgrep-app semgrep-app
Copy link

semgrep-app bot commented May 8, 2024

Semgrep found 3 ssc-46663897-ab0c-04dc-126b-07fe2ce42fb2 findings:

  • v2/pkg/assetserver/assetserver_webview.go

Risk: Affected versions of golang.org/x/net, golang.org/x/net/http2, and net/http are vulnerable to Uncontrolled Resource Consumption. An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames.

Fix: Upgrade this library to at least version 0.23.0 at wails/v2/go.mod:43.

Reference(s): GHSA-4v7x-pqxf-cx7m, CVE-2023-45288

Ignore this finding from ssc-46663897-ab0c-04dc-126b-07fe2ce42fb2.

@cloudflare-pages Cloudflare Pages
Copy link

cloudflare-pages bot commented May 8, 2024
edited

Deploying wails with  Cloudflare Pages  Cloudflare Pages

Latest commit: e99e93d
Status: ✅  Deploy successful!
Preview URL: https://f976b14b.wails.pages.dev
Branch Preview URL: https://v2-features-proxy-to-externa.wails.pages.dev

View logs

@leaanthony
Copy link
Member Author

Semgrep found 3 ssc-46663897-ab0c-04dc-126b-07fe2ce42fb2 findings:

  • v2/pkg/assetserver/assetserver_webview.go

Risk: Affected versions of golang.org/x/net, golang.org/x/net/http2, and net/http are vulnerable to Uncontrolled Resource Consumption. An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames.

Fix: Upgrade this library to at least version 0.23.0 at wails/v2/go.mod:43.

Reference(s): GHSA-4v7x-pqxf-cx7m, CVE-2023-45288

Ignore this finding from ssc-46663897-ab0c-04dc-126b-07fe2ce42fb2.

Fixed

@leaanthony leaanthony merged commit c1c4220 into master May 8, 2024
8 of 9 checks passed
@leaanthony leaanthony deleted the v2-features/proxy-to-external-server branch May 8, 2024 10:39
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
1 participant
@leaanthony