Upstream/VIAaaS
1
0
Fork 0
mirror of https://github.com/ViaVersion/VIAaaS.git synced 2024-06-26 10:24:54 +02:00
Code Issues Packages Projects Releases Wiki Activity

xss readme

Browse Source
This commit is contained in:
creeper123123321 2021-03-16 17:19:03 -03:00 committed by GitHub
parent e3ef23158f
commit 4773db483d
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
README.md
View File

@ -5,7 +5,7 @@ VIAaaS - ViaVersion ~~acetylsalicylic acid~~ as a Service - Standalone ViaVersio
## How does it work?
- ViaVersion, ViaBackwards and ViaRewind translates the connections to backend server.
- VIAaaS auth page stores account credentials in the player's browser local storage.
- VIAaaS auth page stores account credentials in the player's browser local storage. Check for XSS vulnerabilities on your domain.
- Due to technical/security reasons, it requires a CORS Proxy for calling Mojang APIs, which may make Mojang see that
as suspicious and reset/block your account password if the IP address seems suspect.
- Account credentials aren't sent to VIAaaS instance, though it's intermediated by CORS Proxy.