From 1960a16fb06ae0e84c3fada580a29be5b486b4b6 Mon Sep 17 00:00:00 2001 From: Jack Kingsman Date: Sun, 22 Mar 2026 23:28:33 -0700 Subject: [PATCH] Add note about CORS + Basic auth --- README.md | 2 +- frontend/src/components/CrackerPanel.tsx | 3 ++- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 455fd67..c918cf4 100644 --- a/README.md +++ b/README.md @@ -192,7 +192,7 @@ $env:MESHCORE_SERIAL_PORT="COM8" # or your COM port uv run uvicorn app.main:app --host 0.0.0.0 --port 8000 ``` -If you enable Basic Auth, protect the app with HTTPS. HTTP Basic credentials are not safe on plain HTTP. +If you enable Basic Auth, protect the app with HTTPS. HTTP Basic credentials are not safe on plain HTTP. Also note that the app's permissive CORS policy is a deliberate trusted-network tradeoff, so cross-origin browser JavaScript is not a reliable way to use that Basic Auth gate. ## Where To Go Next diff --git a/frontend/src/components/CrackerPanel.tsx b/frontend/src/components/CrackerPanel.tsx index 669df5a..b3c1c68 100644 --- a/frontend/src/components/CrackerPanel.tsx +++ b/frontend/src/components/CrackerPanel.tsx @@ -611,7 +611,8 @@ export function CrackerPanel({ pick up messages it couldn't crack, attempting them at one longer length. Try word pairs will also try every combination of two dictionary words concatenated together (e.g. "hello" + "world" = "#helloworld") after the single-word - dictionary pass; this can substantially increase search time. + dictionary pass; this can substantially increase search time and also result in + false-positives. Decrypt historical will run an async job on any room name it finds to see if any historically captured packets will decrypt with that key. Turbo mode will push your GPU to the max (target dispatch time of 10s) and
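Review bot: In the README.md hunk, the added sentence ending "cross-origin browser JavaScript is not a reliable way to use that Basic Auth gate" can be read two ways: that cross-origin clients may fail to authenticate, or that the Basic Auth gate should not be counted on as protection once the CORS policy is permissive. Since this paragraph is the security guidance for anyone enabling Basic Auth, say which is meant and what the operator should do about it, for example whether the app should stay on the trusted network even with Basic Auth and HTTPS enabled. A pointer to where the CORS policy is configured would also help, because the diff only calls it "the app's permissive CORS policy" without naming the setting or file.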
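Review bot: In the CrackerPanel.tsx hunk, the new help text "and also result in false-positives" does not tell the user what a false positive looks like for "Try word pairs" or how to recognise one, so the warning is hard to act on; a short clause describing what the user would see would fix that. As a noun the term is normally written "false positives" without the hyphen, and "and also result in" could simply be "and produce". This wording change is also unrelated to the subject line "Add note about CORS + Basic auth", so either mention it in the commit message or split it into its own commit.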