Skip to content

Version does not get set? #3

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
espadrine opened this issue Dec 20, 2017 · 6 comments
Open

Version does not get set? #3

espadrine opened this issue Dec 20, 2017 · 6 comments

Comments

@espadrine
Copy link

espadrine commented Dec 20, 2017
edited
Loading

Hi!

I think there is a bug in the following piece of code:

webrtc-protect/common.js

Lines 69 to 76 in ab08e47

if (prefs.version ? (prefs.faqs && prefs.version !== version) : true) {
chrome.storage.local.set({version}, () => {
chrome.tabs.create({
url: 'http://add0n.com/webrtc-protect.html?version=' + version +
'&type=' + (prefs.version ? ('upgrade&p=' + prefs.version) : 'install')
});
});
}

I maintain shields.io, and I noticed that I got a lot of hits from https://add0n.com/webrtc-protect.html?version=0.1.3&type=install. The kind of amount that only happens if your users call that endpoint a lot. North of 1000 hits every five minutes.

Could it be that the version does not get set properly in some version of Firefox? The MDN documentation does mention some incompatibilities: https://developer.mozilla.org/en-US/Add-ons/WebExtensions/API/storage/StorageArea/get
@espadrine espadrine mentioned this issue Dec 20, 2017
Closed
@belaviyo
Copy link
Owner

Hello,

Are you sure the traffic is from this particular page or all the pages hosted on this domain? As far as I know, all the hosted open-source projects use shields.io. If this is causing issues, I can ask the support team to remove the shields.io entirely.

@belaviyo
Copy link
Owner

I just opened a new ticket for the issue. Will update when got a response.

@belaviyo
Copy link
Owner

Seems like this is a DOS attack not an issue with the extension. To confirm I updated the extension number to 0.1.4. Let's see if we get the traffic on 0.1.4 or not.

@espadrine
Copy link
Author

The hits I see are specifically for the URL https://add0n.com/webrtc-protect.html?version=0.1.3&type=install. It is what I see from the Referer HTTP header. It also means that, if I read the code correctly, prefs.version is falsy, to generate specifically that URL.

There are indeed other add0n pages that use badges, but they incur nowhere near the number of hits.

There is no need to remove the shields badges, as you are not putting a significant strain at the moment. It was simply noticeable on my radar.

@belaviyo
Copy link
Owner

https://add0n.com/webrtc-protect.html?version=0.1.3&type=install

I requested to the admin to block this version code. So there is no more traffic from this version. Based on the report I got, the traffic is even from IE browser which we do not support so apparently it is not the extension traffic. I'll investigate more though.

if I read the code correctly, prefs.version is falsy, to generate specifically that URL

That is very unlikely. Anyhow, I'll keep an eye on this too. Thanks a lot for the heads up.

@espadrine
Copy link
Author

I'll keep you in the loop, but since you updated to 0.1.4, I don't see anything anymore.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@espadrine @belaviyo