All Questions tagged with security javascript (3,801 questions)
0 votes, 0 answers, 28 views
How to secure a Nextjs API call with supabase service key?
I am creating an API call in a Nextjs (with Supabase) application which needs to be secured. For my application a user should be logged in, which is enforced by the middleware and the await supabase.auth....
1 vote, 1 answer, 61 views
Inconsistency in logged fingerprint (abuse/fraud combat) on Wordpress
I'm working on a WordPress site with BuddyPress, the BuddyX Pro theme, and the Wise Chat Pro plugin. Recently, I’ve been tackling abuse on the group chat page, where users often bypass IP-based bans ...
0 votes, 1 answer, 42 views
How to Collect Data Across Iframes on a Shared Domain Without Interacting With the Main Page?
I am working on an implementation involving hosted fields for securely handling credit card information. My setup includes the following:
An HTML page containing 4 iframes:
3 iframes for credit card ...
-1 votes, 0 answers, 27 views
Storing tokens using Cache API in a service worker
I have a project where I need to attach a bearer token onto HTTP requests going to an API. The straightforward way to persist the token is to store it in localStorage and then manually attach it to ...
0 votes, 1 answer, 52 views
Is it possible to design a "paywalled" Web API that is meant to be consumed securely from a web frontend?
Let's say I want to design an API that does something useful that people pay monthly to consume. Let's say an endpoint for this API is the following:
https://www.example.com/api/GetMeaningOfLife
Since ...
0 votes, 0 answers, 41 views
Is there a way to prevent React from obscuring error messages in production?
I'm working on a [email protected] connected to Rollbar for error logging. We are getting "An error occurred in the Server Components render. The specific message is omitted in production builds to ...
0 votes, 0 answers, 39 views
Cross-site Scripting (XSS) in the src property
Currently in my code I have an image snippet where I pass a src with native image import within my project folder. Previously I was directly passing the image import nomenclature within the src. To ...
0 votes, 1 answer, 44 views
How to Securely Redirect to a Dynamic Logout URL in Vue.js Without Causing an Open Redirect Vulnerability? [closed]
I'm working on a Vue.js application where we need to securely redirect users to a logout URL. This URL is dynamically set through environment variables (process.env.VUE_APP_LOGOUT), which changes ...
0 votes, 1 answer, 220 views
How to Detect Web Scrapers Using Chrome DevTools Protocol (CDP) Instead of Selenium or Puppeteer?
I'm experiencing an issue where my website is being targeted by web scraping bots. It appears that the attackers are controlling Chrome browsers using the Chrome DevTools Protocol (CDP) directly, ...
0 votes, 1 answer, 47 views
Dropping root privileges in NodeJS doesn't seem to have an effect
I want to have root privileges on startup and drop them later. Background is a server written with NodeJS on Ubuntu 24.04 that needs to read in a private key. I followed these instructions using ...
0 votes, 0 answers, 40 views
sanitize-html not acknowledging allowedSchemes options
var sanitizeHtml = require("sanitize-html");
const ALLOWED_SCHEMES = ['http', 'https'];
const htmlStr = '\'"><meta http-equiv="refresh" content="0;url=file:///etc/...
0 votes, 0 answers, 18 views
CSP report-to URL in an authenticated context
I am trying to use the report-to CSP directive to report policy violations. This works well if the specified endpoint is a public (non-authenticated) URL. However, I would like the reporting URL to ...
0 votes, 1 answer, 1k views
Content Security Policy Error: Refused to Execute Inline Script
I'm working on a React application where I’m trying to integrate particles.js for a visual effect. While everything works perfectly in my local development environment, I’m running into a Content ...
0 votes, 1 answer, 48 views
How can you automate security audits of javascript packages when using Rails importmap?
When using a package manager like npm you have the ability to run npm audit on your package.json file to check for any known vulnerabilities. You can then add this check to your CI Pipeline to ...
0 votes, 0 answers, 237 views
Reproducing WordPress < 6.5.5 Contributor+ Stored XSS Vulnerability
I am trying to reproduce the WordPress vulnerability WordPress < 6.5.5 - Contributor+ Stored XSS in Template-Part Block.
The WPScan report description mentions that WordPress does not properly ...