[bisq-network/bisq] Use https:// for XMR explorer API endpoints, except if localhost or Tor (#4492)

wiz notifications at github.com
Mon Sep 7 15:38:11 UTC 2020


@jmacxx good catch, I forgot to strip the protocol prefix out, just pushed a commit that should fix that issue. I should have tested more, but I was trying to rush this out.

@chimp1984 maybe, and there is also the decision to route the connection through Tor or not, which would require its own slider switch - using regex we can strictly enforce https or Tor onion except for localhost or LAN ip address. IMO the goal is to let user be able to add xmrchain.net or whatever public explorers they want to trust, but without letting them accidentally put http:// and expose them to MITM attacks.

I'm also going to tweak the strings a bit with @m52go, since "Service addresses" is a big vague and user might be confused what exactly to enter. To be honest this feature feels like it needs a lot more testing and polish before we ship it in a public release to users...

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/bisq-network/bisq/pull/4492#issuecomment-688398399
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.bisq.network/pipermail/bisq-github/attachments/20200907/f94e85fb/attachment.html>


More information about the bisq-github mailing list