You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
do we want to silently fail or block loading flow if url is loaded with invalid config? Do we want to add a query parameter to prevent loading the config? what should we name it?
config injection would allow us to better test direct retrieval and timing.. how do we do so without allowing malicious actors to inject bad dns query servers.
we want to test LCP inside service worker gateway when it's retreiving blocks directly from provider, to do so, we need to remove fallback gateways.
We also have a threat model where malicious users can override DNS query server, so we want to prevent that.
We should prevent overriding: recursive gateways, fallback gateways, dns resolvers, but override the others.
we should test removing lz-string and just using encodeURIComponent(json.stringify(config))
we should only validate referrer and timestamp if one of "recursive gateways, fallback gateways, dns resolvers" is in the config provided, otherwise use the default.
reacted with thumbs up emoji reacted with thumbs down emoji reacted with laugh emoji reacted with hooray emoji reacted with confused emoji reacted with heart emoji reacted with rocket emoji reacted with eyes emoji
Uh oh!
There was an error while loading. Please reload this page.
Uh oh!
There was an error while loading. Please reload this page.
-
Meeting event link: https://lu.ma/ob80zdv4
Attendees
Quick FYIs
Agenda
Notes
encodeURIComponent(json.stringify(config))Action items
Beta Was this translation helpful? Give feedback.
All reactions