You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The "Indicate if page already saved" option is expected to make requests to your Wallabag server for every URL you visit, so it can check whether that URL is already saved. However, it currently uses the url query parameter to pass these URLs up as cleartext, and it doesn't need to.
The /api/entries/exists endpoint can instead be passed a hashed_url parameter, which is the SHA-1 hash of a URL and can also indicate whether a URL matching that hash exists on the server. Wallabagger should use this parameter instead, to avoid potentially leaking every URL you ever visit.
I don't know which versions of Wallabag support the hashed_url parameter, so it may be necessary to maintain support for cleartext checks as well. But making hashed_url available as an alternative option is certainly viable.
The text was updated successfully, but these errors were encountered:
This would be a great feature but I'm not sure if there is a tagged wallabag's version out there right now. Could you confirm this info @nicosomb or @j0k3r, please?
Ok perfect. Will the generate-hashed-urls processing integrated to the update or manually launched by admins (just to be sure if I can count on this field after this precise version)?
The "Indicate if page already saved" option is expected to make requests to your Wallabag server for every URL you visit, so it can check whether that URL is already saved. However, it currently uses the
url
query parameter to pass these URLs up as cleartext, and it doesn't need to.The /api/entries/exists endpoint can instead be passed a
hashed_url
parameter, which is the SHA-1 hash of a URL and can also indicate whether a URL matching that hash exists on the server. Wallabagger should use this parameter instead, to avoid potentially leaking every URL you ever visit.I don't know which versions of Wallabag support the
hashed_url
parameter, so it may be necessary to maintain support for cleartext checks as well. But makinghashed_url
available as an alternative option is certainly viable.The text was updated successfully, but these errors were encountered: