NSAllowsArbitraryLoads:true being labeled as a security issue #294
Comments
|
Hello! Terminal Notifier is actually a different project that we utilize to show notifications on mac, https://github.com/julienXX/terminal-notifier. If you'd like to raise the issue there to ask the question I'm not sure on the background there. If they do answer the question, we can implement it here (we've got the distribution file inside the project since we're using an older version and it isn't available in the node ecosystem). |
|
@jnielson94, They have answered @redhat-raptor and mentioned that it could be disabled. julienXX/terminal-notifier#275 cc: @mikaelbr |
idhruvs
added a commit
to idhruvs/node-notifier
that referenced
this issue
Jan 28, 2021
…void security issues raised by code-analysers
|
I have created a pull-request with the resolution of this issue. (#362 (comment)) |
mikaelbr
added a commit
that referenced
this issue
May 14, 2021
fix: Issue #294 NSAllowsArbitraryLoads flag set to false
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Hello there,
In the file:
node-notifier/vendor/mac.noindex/terminal-notifier.app/Contents/Info.plistNSAllowsArbitraryLoadshas been set to true. A code scanning tool is labelling this as a security breach however when I searched forNSAllowsArbitraryLoadsin the source code, looks like no code is directly referencing the item. Could anyone clarify what this piece of config is really doing?Apple also identifies this as a security issue here: https://developer.apple.com/documentation/bundleresources/information_property_list/nsapptransportsecurity/nsallowsarbitraryloads
Help is appreciated!
The text was updated successfully, but these errors were encountered: