Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Support "unsafes" - unsafely configure Snow to allow non-secure operations #110

Open
weizman opened this issue Jun 22, 2023 · 3 comments
Open

Support "unsafes" - unsafely configure Snow to allow non-secure operations #110

weizman opened this issue Jun 22, 2023 · 3 comments
Labels
enhancement New feature or request

Comments

@weizman
Copy link
Member

weizman commented Jun 22, 2023
edited
Loading

UPDATE: see #110 (comment)

As of today, it is a conscious decision to disable some native behaviour in the browser when it is (1) posing a security concern to Snow and (2) is a behaviour that is unused legitimately in the wild.

This is something we'll continue to do, but it's also contradicting our will to make Snow a perfect shim, meaning it shouldn't harm web apps normal behaviour whatsoever.

Therefore, it is time to allow some level of configuration for Snow.

At the very least, a way to tell Snow to either "block activities that might pose danger to Snow" or "keep Snow protection, but not at the cost of disabling browser native behaviour", so that security focused vendors could take the risk, while observability focused vendors could opt out of that risk and stick to most realm creation cases instead of all (e.g. what happened at highlight/highlight#3934)
@weizman weizman added the enhancement New feature or request label Jun 22, 2023
@mmndaniel
Copy link
Contributor

This is great. How did you think to implement that? something like SNOW(cb, { mode: 'lax' }), or SNOW(cb, {ALLOW_SRCDOC_WITH_CSP: true}) (etc, for each potentially breaking behavior)?

@weizman
Copy link
Member Author

weizman commented Jun 25, 2023

Great question. Currently, it's one of the two. I'm wondering if to split it to either:

  • lax or strict - where lax is "snow gives up on anything that breaks standard JS behaviour" and strict is "snow does whatever it takes to stay as protected as possible";
  • deeper resolution - where each JS behaviour breaking protection is flagged and the user can enable/disable each one separately
  • maybe support both?

This requires some thinking, am very open to opinions on this.

@weizman
Copy link
Member Author

weizman commented Aug 2, 2023

Now that #133 is about to be merged, this issue gets a different spin.
We might want Snow to accept "unsafes" with which the user can request to unsafely allow actions that Snow currently throws on.
In other words, allow each error Snow throws to be silent by configuration, for those who are willing to give up on security in sake of support and adoption.
I'll leave this issue open, and if anyone wants this to happen, speak up 🙏

@weizman weizman changed the title Split Snow to lax and strict modes Support "unsafes" - unsafely configure Snow to allow non-secure operations Aug 2, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@weizman @mmndaniel