moonfire-nvr

MyFavMirrors/moonfire-nvr

Fork 0

mirror of https://github.com/scottlamb/moonfire-nvr.git synced 2025-03-19 02:08:28 -04:00

Commit Graph

Author	SHA1	Message	Date
Scott Lamb	fd7438dd28	ignore port number in ws origin check Fixes #219	2022-04-13 21:49:18 -07:00
Scott Lamb	4c9aa93fdf	check WebSocket origin This fixes a real cross-site WebSocket hijacking (CSWSH) vulnerability. If the attacker knows the URL of an NVR installation this user is authenticated to and the UUID of a camera, and can trick the user into visiting their webpage, they can grab the live stream. At least there's some entropy in the camera UUID, but it was never intended to be a secret.	2022-03-22 14:51:12 -07:00
Scott Lamb	87f9736d80	separate live view into its own file	2021-10-28 13:07:39 -07:00

Author

SHA1

Message

Date

Scott Lamb

fd7438dd28

ignore port number in ws origin check

Fixes #219

2022-04-13 21:49:18 -07:00

Scott Lamb

4c9aa93fdf

check WebSocket origin

This fixes a real cross-site WebSocket hijacking (CSWSH) vulnerability.
If the attacker knows the URL of an NVR installation this user is
authenticated to and the UUID of a camera, and can trick the user into
visiting their webpage, they can grab the live stream. At least there's
some entropy in the camera UUID, but it was never intended to be a
secret.

2022-03-22 14:51:12 -07:00

Scott Lamb

87f9736d80

separate live view into its own file

2021-10-28 13:07:39 -07:00

3 Commits