This repository has been archived by the owner on Jun 23, 2023. It is now read-only.
Dashboard should not refer to github for images #443
Comments
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
The dashboard should not refer to github for images (i.e. when viewing apps in the app-store, before installing them).
It's ok if the node backend will download the images on demand, but using an
<img src="..." />allows github to link the browser's ip to the umbrel apps that the user looks at.This is especially true for users that use Tailscale and think that they are completely safe - only the requests to their node go through the VPN, not the requests to the other resources.
Obviously you can't enforce this on every app that the user installs, but this is no longer under your control.
The text was updated successfully, but these errors were encountered: