~glacambre/firenvim

ref: 076c1a4f04db2173afb395d0af8c63a5bbcab6a8 firenvim/SECURITY.md -rw-r--r-- 4.4 KiB
Remove persistent server
background.ts: make password longer

An excellent idea suggested by bovine3dom
SECURITY.md: change wording of "sandboxing firenvim" section

The discussion isn't ongoing anymore.
Explain persistent server mode in documentation
Make firenvim less secure

This commit removes a check ensuring that the `Origin` of a websocket
was that of the firenvim webextension which started neovim. This check
is removed because Mozilla decided to remove the `Origin` field of
websocket connections created from a webextension context (see
https://bugzilla.mozilla.org/show_bug.cgi?id=1596889 and
https://bugzilla.mozilla.org/show_bug.cgi?id=1592721).

An alternative would have been to re-create this field with the
webRequest API. However, there are two blockers: this requires a new
permission (I learned from working on Tridactyl that Firefox is pretty
bad at updating extensions that require new permissions) and Chrome is
going to remove the webRequest API anyway.

Note that firenvim should still be secure for the following reasons:
- It binds itself to a random port
- It uses a 32-bit one time password to make sure that the incomming
  connection is made from the webextension that started neovim.
- Neovim kills itself immediately if the websocket connection can't be
  authenticated.

Still, Firenvim is less secure because of this removal: theorically
speaking, a malicious webpage could get lucky and discover the right
port and password combination. Before this removal, this wouldn't have
mattered as pages can't forge the Origin of their websockets.
SECURITY.md: Mention sandboxing discussion
Turn native messenger into a neovim plugin

This commit removes the rust component, as described in
https://github.com/glacambre/firenvim/issues/13.

Closes https://github.com/glacambre/firenvim/issues/22