hive-io issueshttps://gitlab.syncad.com/hive/hive-io/-/issues2021-05-17T16:19:15Zhttps://gitlab.syncad.com/hive/hive-io/-/issues/14Reporting & Analytics Account Access - Ignite Visibility2021-05-17T16:19:15ZinertiaReporting & Analytics Account Access - Ignite VisibilitySee: https://docs.google.com/document/d/1jDs4l6DgptghxgdHgi78JcCcJnWl0NmFzGjcqApRGrY/edit#heading=h.bwc6hsu78bw6
* Google Analytics Access: add ignitevisibility5@gmail.com
* Google Analytics Access: add reports@ignitevisibility.com
* Go...See: https://docs.google.com/document/d/1jDs4l6DgptghxgdHgi78JcCcJnWl0NmFzGjcqApRGrY/edit#heading=h.bwc6hsu78bw6
* Google Analytics Access: add ignitevisibility5@gmail.com
* Google Analytics Access: add reports@ignitevisibility.com
* Google Analytics Access: add analytics@ignitevisibility.com
For google tag manager:
* Google Tag Manager Access: add reports@ignitevisibility.com
* Google Tag Manager Access: add analytics@ignitevisibility.com
* Google Merchant Center: add analytics@ignitevisibility.com
For google search console:
* Google Search Console Access: add reports@ignitevisibility.com
* Google Search Console Access: add ignitevisibility5@gmail.comhttps://gitlab.syncad.com/hive/hive-io/-/issues/11Signup 3speak tld update2021-05-16T20:33:42ZChristopher Graney-WardSignup 3speak tld updateThe signup page (signup.hive.io) points users to 3speak.co rather than 3speak.tv.The signup page (signup.hive.io) points users to 3speak.co rather than 3speak.tv.https://gitlab.syncad.com/hive/hive-io/-/issues/1Problem with the semver/node packages2021-04-16T19:04:33ZBenjamin FuksProblem with the semver/node packagesHi,
I have tried to install this as written in the readme. The current version does not seem to run with the latest yarn version. I get the following error message:
> error semver@7.1.3: The engine "node" is incompatible with this modu...Hi,
I have tried to install this as written in the readme. The current version does not seem to run with the latest yarn version. I get the following error message:
> error semver@7.1.3: The engine "node" is incompatible with this module. Expected version ">=10". Got "8.12.0"
Note that this is my first try using yarn.https://gitlab.syncad.com/hive/hive-io/-/issues/4Migrating recovery account settings to hive-io2021-04-12T17:39:14ZimwatsiMigrating recovery account settings to hive-ioMost accounts currently have `steem` as the recovery account. We need a plan to enable easy migration of those to `hive-io` for people who want to use `hive-io` as recovery account.Most accounts currently have `steem` as the recovery account. We need a plan to enable easy migration of those to `hive-io` for people who want to use `hive-io` as recovery account.https://gitlab.syncad.com/hive/hive-io/-/issues/12Remove hive.blue2021-04-10T14:21:52ZMahdi YariRemove hive.bluehttps://gitlab.syncad.com/hive/hive-io/-/issues/9different dhive behaviour under npm vs under straight js environment2020-11-17T11:17:15ZBoris Epsteindifferent dhive behaviour under npm vs under straight js environmentFor some reason when I run the code that looks like this under the straight Javascript environment (js) under Ubuntu 18 it works just fine,
`import React from 'react';
import Client from '@hiveio/dhive';
const hive_access_url = 'https:...For some reason when I run the code that looks like this under the straight Javascript environment (js) under Ubuntu 18 it works just fine,
`import React from 'react';
import Client from '@hiveio/dhive';
const hive_access_url = 'https://api.openhive.network';
const client = new Client( hive_access_url );
const hive_user = 'borepstein';
const post_count = 5;`
However, when I run it under npm I get the following messages spit into the browser:
`TypeError: _hiveio_dhive__WEBPACK_IMPORTED_MODULE_1___default.a is not a constructor
./src/HiveFeed.js
src/HiveFeed.js:5
2 | import Client from '@hiveio/dhive';
3 |
4 | const hive_access_url = 'https://api.openhive.network';
> 5 | const client = new Client( hive_access_url );
6 | const hive_user = 'borepstein';
7 | const post_count = 5;
8 |
__webpack_require__
/home/bepstein/borisepstein-info/webpack/bootstrap:784
781 | };
782 |
783 | // Execute the module function
> 784 | modules[moduleId].call(module.exports, module, module.exports, hotCreateRequire(moduleId));
| ^ 785 |
786 | // Flag the module as loaded
787 | module.l = true;
fn
/home/bepstein/borisepstein-info/webpack/bootstrap:150
147 | );
148 | hotCurrentParents = [];
149 | }
> 150 | return __webpack_require__(request);
| ^ 151 | };
152 | var ObjectFactory = function ObjectFactory(name) {
153 | return {
./src/App.js
https://10.0.3.23:3443/static/js/main.chunk.js:25260:86
__webpack_require__
/home/bepstein/borisepstein-info/webpack/bootstrap:784
781 | };
782 |
783 | // Execute the module function
> 784 | modules[moduleId].call(module.exports, module, module.exports, hotCreateRequire(moduleId));
| ^ 785 |
786 | // Flag the module as loaded
787 | module.l = true;
fn
/home/bepstein/borisepstein-info/webpack/bootstrap:150
147 | );
148 | hotCurrentParents = [];
149 | }
> 150 | return __webpack_require__(request);
| ^ 151 | };
152 | var ObjectFactory = function ObjectFactory(name) {
153 | return {
./src/index.js
https://10.0.3.23:3443/static/js/main.chunk.js:25678:81
__webpack_require__
/home/bepstein/borisepstein-info/webpack/bootstrap:784
781 | };
782 |
783 | // Execute the module function
> 784 | modules[moduleId].call(module.exports, module, module.exports, hotCreateRequire(moduleId));
| ^ 785 |
786 | // Flag the module as loaded
787 | module.l = true;
fn
/home/bepstein/borisepstein-info/webpack/bootstrap:150
147 | );
148 | hotCurrentParents = [];
149 | }
> 150 | return __webpack_require__(request);
| ^ 151 | };
152 | var ObjectFactory = function ObjectFactory(name) {
153 | return {
1
https://10.0.3.23:3443/static/js/main.chunk.js:25821:18
__webpack_require__
/home/bepstein/borisepstein-info/webpack/bootstrap:784
781 | };
782 |
783 | // Execute the module function
> 784 | modules[moduleId].call(module.exports, module, module.exports, hotCreateRequire(moduleId));
| ^ 785 |
786 | // Flag the module as loaded
787 | module.l = true;
checkDeferredModules
/home/bepstein/borisepstein-info/webpack/bootstrap:45
42 | }
43 | if(fulfilled) {
44 | deferredModules.splice(i--, 1);
> 45 | result = __webpack_require__(__webpack_require__.s = deferredModule[0]);
| ^ 46 | }
47 | }
48 |
webpackJsonpCallback
/home/bepstein/borisepstein-info/webpack/bootstrap:32
29 | deferredModules.push.apply(deferredModules, executeModules || []);
30 |
31 | // run deferred modules when all chunks ready
> 32 | return checkDeferredModules();
| ^ 33 | };
34 | function checkDeferredModules() {
35 | var result;
(anonymous function)
https://10.0.3.23:3443/static/js/main.chunk.js:1:87
This screen is visible only in development. It will not appear if the app crashes in production.
Open your browser’s developer console to further inspect this error. Click the 'X' or hit ESC to dismiss this message.`
Any help with debugging this would be appreciated.
Thanks.
Boris.https://gitlab.syncad.com/hive/hive-io/-/issues/6Potential tab nabbing attack2020-10-31T14:33:11ZDan NotesteinPotential tab nabbing attackI am security researcher and I have found this vulnerability in your website: https://hive.io/
Vulnerability report: Tab nabbing
Issue lies Here :
<a href="https://twitter.com/hiveblocks" target="_blank" class="icon layout__socials__soc...I am security researcher and I have found this vulnerability in your website: https://hive.io/
Vulnerability report: Tab nabbing
Issue lies Here :
<a href="https://twitter.com/hiveblocks" target="_blank" class="icon layout__socials__social" style="height:40px">
Here i can see you are using target=_blank and no more rel tag.
Here , target=_blank means it will open in another new tab but due to tab nabbing it can change parent tab as well .So as per security principal don't trust much on 3rd party and be at your safe side.
FIX & MITIGATION :
To mitigate this issue we need to use rel="nofollow noopener noreferrer" as follows:
<a href="https://twitter.com/hiveblocks" target="_blank" rel=" noreferrer noopener"
class="icon layout__socials__social" style="height:40px">
Proof of concept:
Note:
As I have noticed that your website contains many other social external links also without the tags, which is very dangerous. You are advised to use the recommended tags in order to secure your website from this vulnerable attack.
Tab Nabbing Exploit:
Whenever you open a new tab by clicking a link whose HTML code looks like this, JavaScript will keep a reference to the window object of the site that opened the tab:
<a href = "https://example.com/blog" target = "_blank">Blog</a>
You are not allowed to read the location of the site that opened the tab, whether the rel = "noreferrer" attribute is set or not. However, what you can do is change the location of the opener by using the following JavaScript code:
window.opener.location = 'https://attacker.com/phishing';
The tabnabbing attack would happen as follows:
The victim clicks a link on https://example.com/ containing target = "_blank", which leads to https://attacker.com
https://attacker.com immediately redirects the tab where https://example.com/ is located to https://attacker.com/phishing
The victim looks at the attacker.com page and then goes back to the previous tab containing a phishing page that looks exactly like https://example.com/, but prompts the victim to enter their login details again
This makes a phishing attack much more effective, because the user is not expecting such behaviour and thinks they are still on the original page ('tabnabbing'). The way to thwart this attack is to use rel = "noopener", though rel = "noreferrer" has the same effect.
It's interesting how such a small parsing mistake can have such a huge impact on the security of an application.
In this report I have only talked about twitter but you have to use rel="nofollow noopener noreferrer" in all the external links present in your website.
Refrences:
1: https://www.jitbit.com/alexblog/256-targetblank---the-most-underestimated-vulnerability-ever/
2: https://developers.google.com/web/tools/lighthouse/audits/noopener
3: https://mathiasbynens.github.io/rel-noopener/
I Hope you will fix this issue as soon as possible. Look forward to hear from you. Thank You
Warm Regards,
Taha Ismail"https://gitlab.syncad.com/hive/hive-io/-/issues/8Missing Ionomy.com Exchange2020-05-23T18:33:36ZJason NelsonMissing Ionomy.com ExchangeYou are missing ionomy.com as a exchange (one of the first to add hive)You are missing ionomy.com as a exchange (one of the first to add hive)https://gitlab.syncad.com/hive/hive-io/-/issues/7Add official email at the footer of the site2020-05-21T06:32:31ZPablo GarciaAdd official email at the footer of the siteToday there is no "official" point of contact as email.
It would be benefitial to have a section in the footer. Some sort of "contact us", with info@email.com. Specially for new exchanges wanted to iniciate communications a about possib...Today there is no "official" point of contact as email.
It would be benefitial to have a section in the footer. Some sort of "contact us", with info@email.com. Specially for new exchanges wanted to iniciate communications a about possible listing.
info@hive.io should be use by community members in charge of external communication (specially exchange comm. team).therealwolftherealwolfhttps://gitlab.syncad.com/hive/hive-io/-/issues/3Set up of @hiveio account2020-04-11T08:08:24ZScott jarvieSet up of @hiveio account* [x] Background image
* [x] About
* [x] Website link
* [x] Profile image
* [x] Posting Access to posting for those making announcement post
---------------------
#2 this issue should be answered so we know what to do in a trustless/de...* [x] Background image
* [x] About
* [x] Website link
* [x] Profile image
* [x] Posting Access to posting for those making announcement post
---------------------
#2 this issue should be answered so we know what to do in a trustless/decentralized way for the future