Comments (7)
WilliamBergamin
commented on June 16, 2024
Hi @saurabh0719 thanks for writing in 💯
This question seems to target the behavior of the backend, and does not strictly affect the python-slack-sdk project, I will try to get some answers from my end but you can also join our slack community to ask about this behavior
from python-slack-sdk.
saurabh0719
commented on June 16, 2024
@WilliamBergamin thanks for the quick turnaround. Yeah it does not affect the python SDK per say, we just happen to use the python SDK ourselves and I've had a great experience asking questions here as I always seem to get a quick reply and clarification! So since this was time sensitive I figured, why not.
I'll surely check out the community, but if you do have anything that you can share from your end, then please do. :)
from python-slack-sdk.
saurabh0719
commented on June 16, 2024
https://forums.slackcommunity.com/s/ seems to be down at the moment. Unsure where to post this question. Will an email to slack support work? But I figured that's not for developer problems.
@seratch will you be able to help by any chance?
from python-slack-sdk.
seratch
commented on June 16, 2024
@saurabh0719 I may not be able to resolve all your questions / concerns on security but let me share a few general points:
is there any guarantee on the security of these URLs as we strictly DO NOT want it to fall in the hands of any user or anybody outside the workspace and we're expecting it to be used by slack ONLY
As long as you have the necessity to make the video URL available in a video block, the URL must be publicly accessible for everyone including Slack's servers. Unfortunately, there is no greatly secure way to limit the visitors to the URL. If you attach a long-enough query string to the URL, the URL should be almost inaccessible to people outside the Slack workspace. With that being said, if the URL is leaked, still there is a possibility that random people may access the video.
We use signed URLs with a timeout for our video content, as most other applications, and I wanted to confirm if slack makes a request for this video content each time the message block comes into frame/the chat is loaded/etc.
When you display the video URL only on a short-lived modal view, a URL with expiration can work well. However, when it comes to channel messages, the URL needs to be the same forever (as long as your app does not periodically update all the URLs it posted in channels). Thus, this approach does not help. Also, I cannot think of any other workaround in this direction.
- Is there any way to identify requests coming from slack?
Unfortunately, there is no way to achieve this as for incoming requests from Slack.
Our platform team does not have any short-term plans to enhance the video block element to support your use cases. Therefore, the only meaningful suggestion I have is to give up embedding the video content in Block Kit using the video block element. Alternatively, you can upload the video to your Slack workspace and/or just share the video content URL as a link in Slack.
I understand that this is not the best expected answer for you, but I hope this clarifies.
from python-slack-sdk.
WilliamBergamin
commented on June 16, 2024
@saurabh0719 I've been querying internally to get this information and agree with everything @seratch has mentioned
I can also answer the following
- Does slack download the content ahead of time and keep a copy?
No slack does not make a copy or cache the content
We use signed URLs with a timeout for our video content, as most other applications, and I wanted to confirm if slack makes a request for this video content each time the message block comes into frame/the chat is loaded/etc.
I have some context for Mobil specifically on the client/browser this may be slightly different, Mobile loads the video only when playing it in a modal, not on the chat surface directly. The modal uses standard HTTP caching, the same as if the URL of the video was copy pasted into the navigation bar on Safari iOS, or Chrome Android.
I may be getting more info on this in the coming days, I will share what I can here
from python-slack-sdk.
github-actions
commented on June 16, 2024
👋 It looks like this issue has been open for 30 days with no activity. We'll mark this as stale for now, and wait 10 days for an update or for further comment before closing this issue out. If you think this issue needs to be prioritized, please comment to get the thread going again! Maintainers also review issues marked as stale on a regular basis and comment or adjust status if the issue needs to be reprioritized.
from python-slack-sdk.
github-actions
commented on June 16, 2024
As this issue has been inactive for more than one month, we will be closing it. Thank you to all the participants! If you would like to raise a related issue, please create a new issue which includes your specific details and references this issue number.
from python-slack-sdk.
Related Issues (20)
- I am trying to post a message to slack along with a attachment i am getting error as The server responded with: {'ok': False, 'error': 'channel_not_found'} HOT 4
- Unpredictable behaviour using .files_upload_v2 HOT 3
- websocket_client-based SocketModeClient does not reconnect after a DNS outage HOT 1
- ModuleNotFoundError: no module named 'slack' HOT 14
- client.files_upload_v2 complains about channel not found but client.files_upload works. HOT 3
- `RichTextElement.elements` items are never promoted to a proper Python object type HOT 4
- Slack WebClient Proxy Error HOT 3
- Duplicated Messages from Bot Deployed on Vercel HOT 1
- Last Bullet List Item Not Displayed on iOS Devices HOT 2
- Why we don't use certifi root certificates by default? HOT 7
- API Cursor Pagination Performance : conversations.list HOT 3
- Method Argument Alignment: chat.postMessage, chat.update HOT 2
- Async client uses blocking call when uploading file with v2 HOT 1
- Error occurred while updating the thread in slack: 'file' HOT 1
- When sending a message with metdata through the API as a bot, the metadata.event_payload is not returned HOT 2
- Need help with Python and files_completeUploadExternal method HOT 2
- Need a method to get the channel ID using the current channel name HOT 2
- How can I read messages using the WebClient? HOT 5
- `CheckboxesElement` within `ActionsBlock` silently fails to render when `initial_options` does not exactly match a given `Option` in the element's `options` list HOT 2
- Add `Options` / `initial_options` validation
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from python-slack-sdk.