Skip to content

Support couchapp attachments while testing locally #142

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
cesine wants to merge 2 commits into from
Closed

Support couchapp attachments while testing locally #142

cesine wants to merge 2 commits into from
+28 −1

Conversation

@cesine
Copy link
Member

@cesine cesine commented Dec 26, 2025

Couchapp attachments are vulnerable to a permissions escalation https://docs.couchdb.org/en/stable/cve/2021-38295.html

  • use the same csp as _utils for localhost testing
  • add the headers to the proxy so that only signed files can be executed in the couchapps like the prototype that are not writable by users

@cesine cesine enabled auto-merge December 26, 2025 15:09
@cesine cesine mentioned this pull request Dec 26, 2025
Merged
2 tasks
@cesine cesine closed this in #143 Dec 26, 2025
auto-merge was automatically disabled December 26, 2025 15:32

Pull request was closed

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@cesine