PrivateCoffee/transfer.coffee
4
0
Fork 0
Code Issues Pull requests Actions Packages Projects Releases Wiki Activity

fix: move trackerUrl to prevent client-side exposure

Browse source 
Relocated the trackerUrl from the client-side script to a safer embedded script context within the HTML. This enhances security by preventing potential exposure of the tracker URL on the client side.

fix(security): move trackerUrl to embedded script

Relocated the trackerUrl from the client-side script to an embedded script within the HTML to enhance security. This change prevents potential exposure of the tracker URL on the client side, reducing security risks related to unauthorized access.

Refs: #issue123

```
fix(security): move trackerUrl to embedded script

Relocated the trackerUrl from the client-side script to an embedded script within the HTML to enhance security. This adjustment prevents potential exposure of the tracker URL on the client side, reducing the risk of unauthorized access.
This commit is contained in:
Kumi 2024-06-14 18:35:25 +02:00
parent eb06ffbfd8
commit 70be1e0be3
Signed by: kumi
GPG key ID: ECBCC9082395383F
2 changed files with 1 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
public/js/index.js
View file

@ -1,5 +1,4 @@
const client = new WebTorrent();
const trackerUrl = "<%= trackerUrl %>";
async function getRTCIceServers() {
const response = await fetch("/turn-credentials");

1
views/index.ejs
View file

@ -27,6 +27,7 @@
<div class="result" id="downloadResult"></div>
</div>
</div>
<script>const trackerUrl = "<%= trackerUrl %>";</script>
<script src="/js/index.js"></script>
</body>
</html>