LIFF SDK may has issue with the Missing Origin Validation fix of Parcel Bundler #125

micksatana · 2019-02-03T10:16:34Z

I suspect liff-sdk may has issue in origin validation. I have a project using parcel-bundler which was working in 1.9.x. After a security fixed in 1.10.0 Missing Origin Validation issue when we use `liff.init' the request will just hang, no response and no error.

I suspect it's related to the Missing Origin Validation issue of Parcel Bundler which is fixed in 1.10.0. Since the 1.10.0, liff.init no longer works.

Since I'm not so sure it related to checking on server-side at LINE platform or somehow affected by the fix

Current impact is all LIFF app projects developed with Parcel Bundler will need to stay with parcel-bundler@=1.9.7 which having source code leakage issue

This vulnerability allows a remote attacker to steal a developer's source code because the origin of requests to the websocket server that is used for Hot Module Replacement (HMR) are not validated.

The text was updated successfully, but these errors were encountered:

micksatana · 2019-02-03T10:32:01Z

Please ignore this issue. It's my misunderstanding. Apologize for false alarm.

micksatana closed this as completed Feb 3, 2019

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

LIFF SDK may has issue with the Missing Origin Validation fix of Parcel Bundler #125

LIFF SDK may has issue with the Missing Origin Validation fix of Parcel Bundler #125

micksatana commented Feb 3, 2019 •

edited

micksatana commented Feb 3, 2019

LIFF SDK may has issue with the Missing Origin Validation fix of Parcel Bundler #125

LIFF SDK may has issue with the Missing Origin Validation fix of Parcel Bundler #125

Comments

micksatana commented Feb 3, 2019 • edited

micksatana commented Feb 3, 2019

micksatana commented Feb 3, 2019 •

edited