This repository was archived by the owner on May 7, 2025. It is now read-only.
This repository was archived by the owner on May 7, 2025. It is now read-only.
Cloud reader security #207
Description
Hi, I originally tried to get in touch via #205 regarding a security concern.
I saw that the web origin issue is a known security issue, but I was wondering if developers should be more explicitly warned about it when deploying the cloud reader app.
Since many websites use readium-js-viewer without hardening it through e.g. iframe sandboxing, they become vulnerable to XSS attacks which can be very dangerous especially if the reader is deployed in an authenticated website, since scripts would be able to use the cookies/authentication tokens of an authenticated user.
Product
- Readium cloud reader app