New Portal [PREVIEW]

It currently is Three :slight_smile:

3 Likes

The £99 still applies for now, we’re looking at ways to reduce this significantly

4 Likes

Can’t wait to see this thing, I’m hoping emails will go out today

3 Likes

Must be close, surely ?

Apparently they’re waiting for the direct debits to be shoved over to the new system, then it’ll be live for everyone, no ETA though

Access will be made available in the next 48 hours, all data has been moved, Direct debits are in place on the new portal, previous invoices etc have been moved. So we’re confident we can allow access :slight_smile:

9 Likes

Just a heads-up on this:

I find that MalwareBytes Browser Guard is blocking LaunchDarkly.com

Did it say what it was flagged for?

Malwarebytes false positive.

Looks clean

1 Like

No,
Referrer policy: strict-origin-when-cross-origin
and script is trying to POST outside of yayzi.co.uk domain

but I’m no expert.

1 Like

I think the only option you have is to raise it with MalwareBytes, or whitelist the url within browser guard.

96 vendors are reporting there are no issues. False positive on Malwarebytes side unfortunately.

1 Like

Only thing i can think of is like trackers tbh

The referer policy needs changing.
It’s not being blocked because there is anything wrong with the referred site. This is just a security issue that can be coded around. Malwarebytes is right to block the call (in my opinion)

Where is the security issue?

strict-origin-when-cross-origin (default)

Send the origin, path, and query string when performing a same-origin request. For cross-origin requests send the origin (only) when the protocol security level stays same (HTTPS→HTTPS). Don’t send the Referer header to less secure destinations (HTTPS→HTTP).

Looks totally fine to me. The post request is likely sending event data to LaunchDarkly’s diagnostics endpoint.

Just wondering if these headers are required to make the CORS work according to standards?

Sec-Fetch

For instance, Malwarebytes has no problems giving access to clientstream.launchdarkly.com but that request has the cors headers included above,
Whereas I get net::ERR_BLOCKED_BY_CLIENT when it doesn’t have those headers (because Malwarebytes appears unhappy)

Possibly coincidence, but it’s just my observation.

I’ll leave it to Yayzi and see if they want to take it up with Gaiia. But just a google of “Malwarebytes browser Guard false positives” is enough for me to not worry about it.

1 Like

would be nice if yayzi could add parental controls to the portal that would be a nice touch

As in one that controls the content people see on the WiFi?

Pretty sure the routers support it but currently I don’t think the routers are connected to the portal. This is something Yayzi have in the pipeline :slight_smile:

This would very likely only work with their router as they can remotely control it via a protocol that I can’t remember the name of