Skip to content

Revamp file-based data access#696

Merged
jbms merged 1 commit into
masterfrom
kvstore-refactor
Jan 19, 2025
Merged

Revamp file-based data access#696
jbms merged 1 commit into
masterfrom
kvstore-refactor

Conversation

@jbms

@jbms jbms commented Jan 17, 2025

Copy link
Copy Markdown
Collaborator

Comment on lines +42 to +50
res.send(`
<html>
<body>
<script>
window.opener.postMessage(${jsonToken}, ${jsonOrigin});
</script>
</body>
</html>
`);

Check failure

Code scanning / CodeQL

Reflected cross-site scripting

Cross-site scripting vulnerability due to a [user-provided value](1).
const cookies = cookie.parse(req.headers.cookie ?? "");
const origin = req.headers.origin ?? "";
res.set("x-frame-options", "deny");
res.set("access-control-allow-origin", origin);

Check failure

Code scanning / CodeQL

CORS misconfiguration for credentials transfer

[Credential](1) leak vulnerability due to a [misconfigured CORS header value](2).
Comment thread tests/fixtures/fake_s3_server.ts Fixed
@jbms jbms force-pushed the kvstore-refactor branch 12 times, most recently from 366d41a to f5e932b Compare January 19, 2025 04:34
- New datasource URL syntax based on ZEP 8
proposal (zarr-developers/zeps#48)
- Support for ZIP archives
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants