
issues Search Results · language:Dune language:JavaScript language:HTML language:Python language:JavaScript language:HTML

47.3M results  (720 ms)

Description TRUSTED_PROXY_IPS defaults to *, meaning Uvicorn/Starlette trusts X-Forwarded-For and X-Forwarded-Proto headers from any client. A user on the same network can spoof these headers, potentially ...
security

Description Required configuration values (OIDC_ISSUER_URL, OIDC_CLIENT_ID, OIDC_CLIENT_SECRET, ADMIN_GROUP, USER_GROUP) are read from environment variables but the application does not assert they are ...
security

Description SECRET_KEY defaults to change-me-in-production if the environment variable is not set. The application starts successfully with this value, meaning all session cookies are signed with a public ...
security

Description POST /auth/logout is submitted via a plain HTML form with no CSRF token. A third-party page can trigger logout for any logged-in user via a hidden auto-submitting form. Impact is low (forces ...
security

Add the Spell Target Calculator (currently only in wizard Step 6) to Play Mode as a tile in the left counters column, so casters have it during a session without leaving Play Mode. Design - New tile ...

Summary Implement the complete Leonidas module: an engine for automatic assignment of the day's muscle group (respecting rest periods, forbidden sequences and per-day restrictions), session logging with ...
api
backend
feature
priority:high
ready

Anchor: T11-MULTIDIM-2025 Context Phase 11 is fully complete and tested per modules/nexus/multidim/PHASE11_COMPLETE.md — consciousness level 0.995 achieved across all 6 dimensional axes, all files implemented, ...
nexus
phase-11

Prerequisites - [x] This issue has an informative and human-readable title. 💡 Summary Update GWS.COMMONCONTROLS.14.2v1 to support OMB M-26-14. Motivation and context OMB M-21-31 has been rescinded. ...
baseline-document
enhancement

Issues - order does not update when payment fails

Description Any authenticated user can submit a URL with a non-HTTP scheme (e.g. file:///etc/passwd, rtmp://, or an internal LAN address) and it will be passed directly to yt_dlp.YoutubeDL.extract_info() ...
security