Discussions

Discussions

Ask a Question
Back to All

Feature request & question : Add a “better” branded block page for greater customization

3 months ago by Afi

Hello,

it's been a while since I was a NextDNS customer and I jumped ship because I saw that Control D developers are responsive and implement new features, one of the features that was really sad that I did not have with NextDNS is the customizable block page, Until then, it was just hell for me, but when I tried ControlD, I really liked it, but despite the customizable blocking page, it's still not the best blocking page out there.

Here's what I propose to the ControlD developer, which could be the best solution and attract a lot of people and greatly satisfy a good number of people like me.

Suggest in the “Branded” option the possibility of uploading an html/css file that would really allow you to customize this page as you want and for me would really be a plus and a reason to pay. That way, you could really personalize the page.

Currently I see that the developer uses the same blocking page and uses javascript to dynamically modify this one with our personalization linked to the profile.

So I suggest adding the possibility of truly personalizing this page as we wish.

The first idea that comes to mind is to slightly modify the javascript logic to make a blank page that will call to download an html file via the page https://.verify.controld.com/detect/fetch-cbp and display it to the user, who can then view this personalized page.

I don't know if this creates problems on the browser side with content security policies, but it seems to me that with javascript you can interpret html without any problems, provided that the content security on the proxy side is set correctly.

I also don't really understand why you'd want to prevent the user from customizing the page, especially since the security excuse doesn't hold water. I can understand that you can create XSS vulnerabilities like that, but if you think about it, only the user can change the code of the page, even someone trying to modify verify. controld.com to spoof the server wouldn't be able to since the ssl signature wouldn't be the same as the SA certificate, I don't really understand and I'd like a ControlD developer to explain this choice.

Afi.

Log in to add a comment.