Safe Launcher Security

I tried to wire up a sample that seems to work for now. I thought of sharing the same with you guys to know whether it helps.

Plan to tighten the screws for the issues highlighted:

  1. Stringent validation for CORS based on Origin header. Allow XHR requests only if the origin ends with .safenet.
  2. Update proxy to handle only .safenet HTTP requests; other requests will be forbidden. This doesn’t make a significant difference because the PAC file redirects only for .safenet requests. But just in case the rule is skipped, the proxy filters the requests.
  3. The PAC file remains the same
  4. Encourage the usage of the uBlock Origin addon as suggested by @lightyear in this post

The problem here is that we need to configure the proxy and the addon manually (More configuration).

If we can create a simple addon which will configure the proxy and also add the filtering rules as needed it would make it easier for the user.

Thanks @lightyear for sharing the configurations.

Please share your thoughts on this approach.

8 Likes
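
Added example (not part of the original post and not Safe Launcher code): one way the Origin check from item 1 and the proxy filter from item 2 could be written so that look-alike values such as `http://evilsafenet` or `http://app.safenet.example.com` are rejected. The function names, the HTTP-only assumption and the sample values are hypothetical.

```javascript
// Added illustration: function names are hypothetical, not Safe Launcher APIs.
const SAFENET_SUFFIX = '.safenet';

// True only for "<label>.safenet"; a bare ".safenet" or "evilsafenet" fails.
function isSafenetHost(hostname) {
  const host = hostname.toLowerCase();
  return host.endsWith(SAFENET_SUFFIX) && host.length > SAFENET_SUFFIX.length;
}

// Item 1: CORS check on the Origin header. The header is parsed rather than
// suffix-matched as a raw string, so ports and look-alike values are handled.
function isAllowedOrigin(originHeader) {
  if (typeof originHeader !== 'string') return false;
  let url;
  try {
    url = new URL(originHeader);
  } catch (err) {
    return false; // "null", empty, or otherwise unparseable
  }
  // A genuine Origin is scheme://host[:port] only: no path, query or userinfo.
  if (url.origin !== originHeader.toLowerCase()) return false;
  // Assumption: only plain HTTP origins are expected, as in the post.
  return url.protocol === 'http:' && isSafenetHost(url.hostname);
}

// Item 2: proxy filter on the absolute request URL. Returns the status the
// proxy answers with itself, or null when the request may be forwarded.
function proxyRejectStatus(requestUrl) {
  let url;
  try {
    url = new URL(requestUrl);
  } catch (err) {
    return 400;
  }
  if (url.protocol !== 'http:' || !isSafenetHost(url.hostname)) return 403;
  return null;
}

// Constructed sample values, not taken from real traffic.
const sampleOrigins = [
  'http://app.safenet', 'http://app.safenet:8080', 'http://evilsafenet',
  'http://app.safenet.example.com', 'http://example.com/?x=.safenet', 'null',
];
for (const origin of sampleOrigins) {
  console.log(origin, '->', isAllowedOrigin(origin) ? 'allow' : 'deny');
}
```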