Merge pull request #78 from offen/protect-optout
Add signed authentication mechanism to secure optout cookie exchange
This commit is contained in:
commit
57af647dbc
@ -3,13 +3,12 @@ version: 2
|
||||
production_env: &production_env
|
||||
environment:
|
||||
- SERVER_HOST=https://server-alpha.offen.dev
|
||||
- OPT_OUT_PIXEL_LOCATION=https://server-alpha.offen.dev/opt-out
|
||||
- OPT_IN_PIXEL_LOCATION=https://server-alpha.offen.dev/opt-in
|
||||
- KMS_HOST=https://kms-alpha.offen.dev
|
||||
- SCRIPT_HOST=https://script-alpha.offen.dev
|
||||
- AUDITORIUM_HOST=https://auditorium-alpha.offen.dev
|
||||
- VAULT_HOST=https://vault-alpha.offen.dev
|
||||
- ACCOUNTS_HOST=https://accounts-alpha.offen.dev
|
||||
- HOMEPAGE_HOST=https://www.offen.dev
|
||||
- NODE_ENV=production
|
||||
|
||||
deploy_preconditions: &deploy_preconditions
|
||||
|
@ -83,6 +83,9 @@ def post_login():
|
||||
@json_error
|
||||
def get_login():
|
||||
auth_cookie = request.cookies.get(COOKIE_KEY)
|
||||
if not auth_cookie:
|
||||
return jsonify({"error": "no auth cookie in request", "status": 401}), 401
|
||||
|
||||
public_keys = app.config["JWT_PUBLIC_KEYS"]
|
||||
|
||||
token = None
|
||||
|
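Review bot: The new guard `if not auth_cookie:` only establishes that a cookie named `COOKIE_KEY` was sent; nothing in this hunk checks the cookie's signature or validity, so the 401 here should not be mistaken for the authentication decision, which has to happen in the part of `get_login` that continues past `token = None` outside the hunk (presumably using `public_keys`). A one-line docstring under `def get_login():` would make that split explicit, e.g. `"""Read the auth cookie and return the caller's login state; responds 401 when no cookie is sent."""`. The empty-string case is also covered by the truthiness check, which is worth a short comment if that is intentional.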
@ -47,6 +47,7 @@ services:
|
||||
PORT: 8080
|
||||
JWT_PUBLIC_KEY: http://accounts:5000/api/key
|
||||
DEVELOPMENT: '1'
|
||||
COOKIE_EXCHANGE_SECRET: Wsttdo4Z3mXV5sTc
|
||||
ports:
|
||||
- 8080:8080
|
||||
command: refresh run
|
||||
@ -72,6 +73,7 @@ services:
|
||||
- SCRIPT_HOST=http://localhost:9977
|
||||
- AUDITORIUM_HOST=http://localhost:9955
|
||||
- ACCOUNTS_HOST=http://localhost:5000
|
||||
- HOMEPAGE_HOST=http://localhost:8000
|
||||
|
||||
script:
|
||||
build:
|
||||
@ -100,8 +102,6 @@ services:
|
||||
- 9955:9955
|
||||
environment:
|
||||
- VAULT_HOST=http://localhost:9977
|
||||
- OPT_OUT_PIXEL_LOCATION=http://localhost:8080/opt-out
|
||||
- OPT_IN_PIXEL_LOCATION=http://localhost:8080/opt-in
|
||||
|
||||
accounts:
|
||||
build:
|
||||
|
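Review bot: The line `COOKIE_EXCHANGE_SECRET: Wsttdo4Z3mXV5sTc` in the first hunk of this compose file commits a literal shared secret to the repository; even if this compose file is development-only, a committed value tends to be copied into other environments, and it is the only place in the PR where the secret for the new signed exchange is visible. Prefer `COOKIE_EXCHANGE_SECRET: ${COOKIE_EXCHANGE_SECRET}` with the value supplied from an untracked env file, and a comment such as `# dev-only; production must inject its own value` next to it. Whether the server refuses to start when the variable is empty or missing cannot be seen from this diff, but that check is what keeps a missing production value from silently degrading the mechanism.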
@ -8,4 +8,21 @@ This will prevent __offen__ from aggregating the actions you have taken on parti
|
||||
|
||||
Operators now cannot draw any conclusions from your actions via __offen__. At the same time, however, they *cannot create a better experience* for you and other users.
|
||||
|
||||
<img style="-webkit-user-select: none; display:none;" src="https://server-alpha.offen.dev/opt-out">
|
||||
<script>
|
||||
var vault = document.createElement('iframe')
|
||||
vault.style.display = 'none'
|
||||
vault.setAttribute('width', '0')
|
||||
vault.setAttribute('height', '0')
|
||||
vault.setAttribute('frameBorder', '0')
|
||||
vault.setAttribute('scrolling', 'no')
|
||||
vault.addEventListener('load', function (e) {
|
||||
vault.contentWindow.postMessage({
|
||||
type: 'OPTOUT',
|
||||
payload: {
|
||||
status: true
|
||||
}
|
||||
}, '*')
|
||||
})
|
||||
vault.src = 'https://vault-alpha.offen.dev'
|
||||
document.body.append(vault)
|
||||
</script>
|
||||
|
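Review bot: `vault.contentWindow.postMessage({ ... }, '*')` sends the `OPTOUT` message to whatever origin the iframe currently holds, while `vault.src` is fixed to `'https://vault-alpha.offen.dev'`; passing that origin as the second argument, `}, 'https://vault-alpha.offen.dev')`, makes the browser drop the message if the frame has navigated or been redirected elsewhere, at no cost to the normal case. The `load` listener also fires on every subsequent load of the frame, which is another reason to pin the target origin rather than rely on the initial `src`. The host names in this page (`server-alpha` for the pixel, `vault-alpha` for the frame) are hardcoded while the compose and CI configuration carry them as `OPT_OUT_PIXEL_LOCATION` and `VAULT_HOST`; if the site build can template those values, a `<!-- keep in sync with VAULT_HOST / OPT_OUT_PIXEL_LOCATION -->` comment is the minimum to record the coupling.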