Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[wrong target branch] #52

Closed
wants to merge 24 commits into from
Closed

[wrong target branch] #52

wants to merge 24 commits into from

Conversation

sahithyandev
Copy link
Collaborator

Previously the user id was passed as a cookie. Due to some security limitations, it wasn't included in subsequent calls. And I couldn't find a quick workaround for it.

I refactored the code to

  • store the user id in chrome.storage.sync
  • use it on subsequent calls

(sendEvent function takes care of these).

sahithyandev and others added 24 commits August 6, 2023 20:47
@sahithyandev
fix: warning on start
802d5bb
@sahithyandev
fix: style issue in navbar
b930abe
@sahithyandev
fix: theming issue
8c368b7
@sahithyandev
feat: add /extension-installed page
0c90bbc
@sahithyandev
fix: hide nav bar on /extension-installed page
b042c63
@sahithyandev
feat: open /extension-installed for users on install
3b92d97
@sahithyandev
fix: discord invite link
c630e04
@sahithyandev
chore: extract domainInfo route handler
b488c48
@sahithyandev
chore: extract /contract-info route handler
0ff6f6e
@sahithyandev
chore: extract submitContractReport route handler
242cc34
@sahithyandev
feat: add /event endpoint
5827f62
@sahithyandev
chore: minor issues in background.js
c433c45
@sahithyandev
feat: turn on pageview tracking
88a59c0
@sahithyandev
feat: send events from extension
bd2aae5
@sahithyandev
fix: set max age for user id cookie
2616a86
@sahithyandev
fix: send event on /domain-info fetched
7fdcce8
@VenkatTeja
Merge pull request #50 from sahithyandev/add-socials
ade65f8 
Improvements
@VenkatTeja
merged
0094a67
@VenkatTeja
merge event improvements
89efa4c
@sahithyandev
warn when MIXPANEL_TOKEN is undefined
2060601
@sahithyandev
stop using cookies in /event
fcdd6e4
@sahithyandev
refactor to use user id from storage
39f4c82
@sahithyandev
minor refactor in contstants.js
6900b40
@sahithyandev
fix error on building content.js
13a699a
@sahithyandev sahithyandev changed the title fix: user id changing everytime for /event [wrong target branch] Aug 14, 2023
github-advanced-security[bot]
github-advanced-security bot found potential problems Aug 14, 2023
View reviewed changes
server/src/routes/submitContractReport.ts

export default async function (req: Request, res: Response) {
const userError = (message: string) => {
res.status(400).send(message);

Check warning

Code scanning / CodeQL

Information exposure through a stack trace Medium

This information exposed to the user depends on
stack trace information
Loading
.
chrome-extension/src/utils/index.js
event,
};

window.postMessage(message, "*");

Check warning

Code scanning / CodeQL

Cross-window communication with unrestricted target origin Medium

Sensitive data
Loading
is sent to another window without origin restriction.
server/src/routes/event.ts
mixpanel.track(eventName, { ...others, distinct_id: userId });
}

res.status(200).send(userId);

Check warning

Code scanning / CodeQL

Reflected cross-site scripting Medium

Cross-site scripting vulnerability due to a
user-provided value
Loading
.
@sahithyandev sahithyandev deleted the fix/refactor-event-endpoint branch August 14, 2023 06:52
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@sahithyandev @VenkatTeja