Screenshots that had https as url currently can get redirected to http without any warnings being raised, as it seems curl's get! simply follows https->http.
As this degrades authenticity of the data, it would be prudent to at least raise a warning about this and have authors either use http on the url to begin with or ensure the redirect chain does not drop to http. A MITM attack could inject unwanted art into the final data set, making both the distributor and the software look bad.
I don't think this is a super-realistic scenario (MITM attacks on the generator servers), but nevertheless this is a bug that should be closed.
I wasn't aware that Curl does this. We'll need to figure out how to address this, or check if nicer API handles this scenario better.
Instead of just throwing a warning, we will just disallow this behavior
in general, as it usually indicates some kind of bug or usage error.
I also could not find any website that actually does this in the wild.
This resolves issue #58
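
The "disallow instead of warn" behaviour discussed in this thread, sketched as an added example that is not the project's own code: it uses Python's urllib rather than curl, and the class names, function names and example.org URLs are constructed for illustration.

```python
import urllib.error
import urllib.request
from urllib.parse import urljoin, urlsplit


class SchemeDowngradeError(urllib.error.URLError):
    """Raised when a redirect leaves HTTPS for a non-HTTPS scheme."""

    def __init__(self, source, target):
        super().__init__(f"refusing redirect from https to "
                         f"{urlsplit(target).scheme}: {source} -> {target}")
        self.source = source
        self.target = target


class NoDowngradeRedirectHandler(urllib.request.HTTPRedirectHandler):
    """Follow redirects as usual, but never from https:// to anything else."""

    def redirect_request(self, req, fp, code, msg, headers, newurl):
        # Resolve a relative Location value against the current URL first,
        # so "/other.png" is judged by the scheme it will actually use.
        target = urljoin(req.full_url, newurl)
        if (urlsplit(req.full_url).scheme == "https"
                and urlsplit(target).scheme != "https"):
            raise SchemeDowngradeError(req.full_url, target)
        return super().redirect_request(req, fp, code, msg, headers, target)


def check_hop(source, location, code=302):
    """Offline helper: return the URL the handler would follow, or raise."""
    handler = NoDowngradeRedirectHandler()
    request = urllib.request.Request(source)
    followed = handler.redirect_request(request, None, code, "Found", {}, location)
    return followed.full_url


def fetch(url, timeout=30):
    """Download url with the downgrade check applied to every redirect hop."""
    opener = urllib.request.build_opener(NoDowngradeRedirectHandler)
    with opener.open(url, timeout=timeout) as resp:
        return resp.read()
```

A screenshot URL declared as http to begin with still follows http redirects, which matches the option given to authors in the report; only a chain that starts or passes through https is prevented from dropping back to http.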