-
• Description: Missing HSTS and X-Content-Type-Options headers could expose the application to man-in-the-middle attacks and content injection. Additionally, an outdated JavaScript library (Bootstrap)…
-
Version: Deno 2.1.1
A standard sign-in page will return authentication details (e.g. JWT) in the cookies header of the 302 (redirect) response, which can then be used to validate requests to access…
-
Title: Need to add security headers and CORS policies
**As a** service provider
**I need** my service to use security headers and CORS policies
**So that** my web site is not vulnerable …
-
### Discussed in https://github.com/orgs/WalletConnect/discussions/5516
Originally posted by **sebidelamata** November 22, 2024
Hello WalletConnect team,
I'm encountering a persistent Conte…
-
Input Validation & Sanitization: Ensure all user inputs are validated and sanitized to prevent attacks like SQL injection and XSS.
Secure Environment Variables: Move sensitive information (API keys…
-
### Name and Version
bitnami/matomo 9.0.0
### What architecture are you using?
amd64
### What steps will reproduce the bug?
I am trying to deploy this chart to our Kubernetes cluster (A…
-
I'm trying to run python3.13 on the web UI and keep getting this:
AttributeError: 'Secure' object has no attribute 'framework'
I've tried to install python-framework but that leads me down a rabbi…
-
There are CORS headers that allow any Origin to make a request to dagu
https://github.com/dagu-org/dagu/blob/e66978da753838e48dded8431c0e97002b621dfa/internal/frontend/middleware/global.go#L122-L13…
-
**Description**
The CSRF token is exposed in the URL, which presents a potential security vulnerability. Expected behavior would be to handle the CSRF token securely in headers or hidden fields in …
-
**Is your feature request related to a problem? Please describe.**
Currently, Azure Static Web Apps do not support Content Security Policy (CSP) nonces, which are crucial for securing inline scripts…