Comments (7)
Hi @saurabh0719 thanks for writing in 💯
This question seems to target the behavior of the backend, and does not strictly affect the python-slack-sdk project, I will try to get some answers from my end but you can also join our slack community to ask about this behavior
from python-slack-sdk.
@WilliamBergamin thanks for the quick turnaround. Yeah it does not affect the python SDK per say, we just happen to use the python SDK ourselves and I've had a great experience asking questions here as I always seem to get a quick reply and clarification! So since this was time sensitive I figured, why not.
I'll surely check out the community, but if you do have anything that you can share from your end, then please do. :)
from python-slack-sdk.
https://forums.slackcommunity.com/s/ seems to be down at the moment. Unsure where to post this question. Will an email to slack support work? But I figured that's not for developer problems.
@seratch will you be able to help by any chance?
from python-slack-sdk.
@saurabh0719 I may not be able to resolve all your questions / concerns on security but let me share a few general points:
is there any guarantee on the security of these URLs as we strictly DO NOT want it to fall in the hands of any user or anybody outside the workspace and we're expecting it to be used by slack ONLY
As long as you have the necessity to make the video URL available in a video block, the URL must be publicly accessible for everyone including Slack's servers. Unfortunately, there is no greatly secure way to limit the visitors to the URL. If you attach a long-enough query string to the URL, the URL should be almost inaccessible to people outside the Slack workspace. With that being said, if the URL is leaked, still there is a possibility that random people may access the video.
We use signed URLs with a timeout for our video content, as most other applications, and I wanted to confirm if slack makes a request for this video content each time the message block comes into frame/the chat is loaded/etc.
When you display the video URL only on a short-lived modal view, a URL with expiration can work well. However, when it comes to channel messages, the URL needs to be the same forever (as long as your app does not periodically update all the URLs it posted in channels). Thus, this approach does not help. Also, I cannot think of any other workaround in this direction.
- Is there any way to identify requests coming from slack?
Unfortunately, there is no way to achieve this as for incoming requests from Slack.
Our platform team does not have any short-term plans to enhance the video block element to support your use cases. Therefore, the only meaningful suggestion I have is to give up embedding the video content in Block Kit using the video block element. Alternatively, you can upload the video to your Slack workspace and/or just share the video content URL as a link in Slack.
I understand that this is not the best expected answer for you, but I hope this clarifies.
from python-slack-sdk.
@saurabh0719 I've been querying internally to get this information and agree with everything @seratch has mentioned
I can also answer the following
- Does slack download the content ahead of time and keep a copy?
No slack does not make a copy or cache the content
We use signed URLs with a timeout for our video content, as most other applications, and I wanted to confirm if slack makes a request for this video content each time the message block comes into frame/the chat is loaded/etc.
I have some context for Mobil specifically on the client/browser this may be slightly different, Mobile loads the video only when playing it in a modal, not on the chat surface directly. The modal uses standard HTTP caching, the same as if the URL of the video was copy pasted into the navigation bar on Safari iOS, or Chrome Android.
I may be getting more info on this in the coming days, I will share what I can here
from python-slack-sdk.
👋 It looks like this issue has been open for 30 days with no activity. We'll mark this as stale for now, and wait 10 days for an update or for further comment before closing this issue out. If you think this issue needs to be prioritized, please comment to get the thread going again! Maintainers also review issues marked as stale on a regular basis and comment or adjust status if the issue needs to be reprioritized.
from python-slack-sdk.
As this issue has been inactive for more than one month, we will be closing it. Thank you to all the participants! If you would like to raise a related issue, please create a new issue which includes your specific details and references this issue number.
from python-slack-sdk.
Related Issues (20)
- Search.messages API does not return messages from bots/automations HOT 4
- SlackApiError: 'dict' object has no attribute 'status_code' HOT 3
- How do I get the actual response when an error raised? HOT 1
- Add file input block element support
- Unable to send image with `files_upload_v2()` to single user HOT 3
- Add apps.manifest.* & tooling.tokens.rotate API support
- Add rich_text classes to slack_sdk.models module HOT 2
- files_upload() initial_comment isn't formatted (regression) when posting a Slack post HOT 5
- Download file using WebClient HOT 1
- Add MongoDB installation store HOT 2
- Happy Holidays! ❄️ ⏳ The team will be on break from Dec 22nd 2023 to Jan 3rd 2024
- Built-in InstallationStores fail to resolve a valid bot token when both bot and user-only installations co-exist in database tables HOT 2
- block/type/image should allow image_url to reference an uploaded file to Slack without having to make it public HOT 2
- aiohttp based socket_mode failed to reconnect and enter a broken state HOT 6
- Add "slack_file" properties to "image" blocks/elements under slack_sdk.models
- Option to block link url preview HOT 1
- Append `thread_ts` to the payload of a lazy listener in Slash Commands HOT 2
- What is 'Received a response in a non-JSON format' in chat.update HOT 3
- Can't install async (optional) dependencies in 3.26.2 HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from python-slack-sdk.