Greg Martyn

Results: 19 comments by Greg Martyn

A typical CSP workaround is to put the data in the page as e.g. a data attribute on some known element. E.g. ``. Something like that. The data doesn't go...

There are times when we want to redirect based on logic that is more complicated than just paths. Maybe the user is trying to navigate somewhere they're not allowed to,...

@Rutulpatel7077 it says there are conflicts that have to be resolved first

The two usages I see are:

```
/**
 * Promise implementation -- defaults to the native implementation if available
 * This is mostly just for testability
 *
 * @type {PromiseConstructorLike}...
```

I think this has a symlink race unless we manage to pass `O_NOFOLLOW` to `fs.open`. That wouldn't let realroot have symlinks though (unless there's a way to call `openat`?) and...

Right -- classic TOCTOU. Further protecting us is that the check you're doing is synchronous, so you'd have to be running something like pm2 or kubernetes to be vulnerable. That...

@fivethreeo `await` is already being used in that file (e.g. `razzleOptions = await plugin.modifyOptions({`) and was added in nodejs v8. This change is backwards compatible. In the latest commit, I...

If someone wants to opt-in to ECMAScript modules, they have to set `type: "module"` in `package.json` and convert `razzle.config.js` from commonjs to ECMAScript module. Had they tried using `type: "module"`...

I'm so sorry to hear that! Will you be okay? Is there anything we can do to help you out?