Skip to content

feat(updater): enforce secure (HTTPS) transport, ref #433#434

Open
lucasfernog-crabnebula wants to merge 1 commit into
mainfrom
feat/updater-secure-transport
Open

feat(updater): enforce secure (HTTPS) transport, ref #433#434
lucasfernog-crabnebula wants to merge 1 commit into
mainfrom
feat/updater-secure-transport

Conversation

@lucasfernog-crabnebula

Copy link
Copy Markdown
Member

Reject plain http for update endpoints and download URLs in release builds (no host is exempt, not even loopback); allow it in debug builds with a warning, or in release via the dangerous dangerousInsecureTransportProtocol opt-in. Refuse redirects that downgrade https->http and cap redirect count.

this matches the tauri implementation

Reject plain http for update endpoints and download URLs in release builds
(no host is exempt, not even loopback); allow it in debug builds with a
warning, or in release via the dangerous `dangerousInsecureTransportProtocol`
opt-in. Refuse redirects that downgrade https->http and cap redirect count.

this matches the tauri implementation
@lucasfernog-crabnebula

Copy link
Copy Markdown
Member Author

ref #433

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant