Eric Bauer
Here's an alternative, add this to your `config/environments/development.rb`:

```
MyApp::Application.configure do
  ...
  config.content_security_policy { }
  ...
end
```

That will initialize an empty policy prior to bullet init which makes...
@shivam-chahar a simple solution I used is taking the hash manually of `intercom_script_tag` and adding it to my CSP.
@dillonwelch we noticed that when a user signs out, the session is still valid and can be replayed. This creates an increased vulnerability for [session hijacking](https://owasp.org/www-community/attacks/Session_hijacking_attack).
@dillonwelch is there anything else I need to do for contributing and getting this fix looked at? I followed the steps in the [guide](https://github.com/devise-security/devise-security?tab=readme-ov-file#contributing-to-devise-security).
@olbrich can you help me with next steps here?