From 62599c06f4b2039219e282b34a51a4ff4fbe5e67 Mon Sep 17 00:00:00 2001 From: Vijay A Date: Fri, 10 Sep 2021 22:36:41 +0530 Subject: Turning off the certificate whitelisting in ms-teams since that can cause an MITM attack. --- recipes/msteams/index.js | 23 ++++++++++++----------- recipes/msteams/package.json | 2 +- 2 files changed, 13 insertions(+), 12 deletions(-) (limited to 'recipes') diff --git a/recipes/msteams/index.js b/recipes/msteams/index.js index 5af7b5f..941db72 100644 --- a/recipes/msteams/index.js +++ b/recipes/msteams/index.js @@ -3,15 +3,16 @@ module.exports = Ferdi => class MicrosoftTeams extends Ferdi { return window.navigator.userAgent.replace(/(Ferdi|Electron)\/\S+ \([^)]+\)/g, '').trim(); } - // https://docs.microsoft.com/en-us/microsoftteams/troubleshoot/teams-sign-in/sign-in-loop#resolution - knownCertificateHosts() { - return [ - 'microsoft.com', - 'microsoftonline.com', - 'teams.skype.com', - 'teams.microsoft.com', - 'sfbassets.com', - 'skypeforbusiness.com', - ]; - }; + // TODO: Commenting out since this can expose the user to a MITM attack. Before this can be turned on, we will need to put in some safeguards/warnings that the user can explicitly accept the security ramifications + // // https://docs.microsoft.com/en-us/microsoftteams/troubleshoot/teams-sign-in/sign-in-loop#resolution + // knownCertificateHosts() { + // return [ + // 'microsoft.com', + // 'microsoftonline.com', + // 'teams.skype.com', + // 'teams.microsoft.com', + // 'sfbassets.com', + // 'skypeforbusiness.com', + // ]; + // }; }; diff --git a/recipes/msteams/package.json b/recipes/msteams/package.json index 1198de2..10fb69b 100644 --- a/recipes/msteams/package.json +++ b/recipes/msteams/package.json @@ -1,7 +1,7 @@ { "id": "msteams", "name": "Microsoft Teams", - "version": "3.1.3", + "version": "3.1.4", "license": "MIT", "aliases": [ "teamsChat" -- cgit v1.2.3-54-g00ecf