Skip to content

Support couchapp attachments #143

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
cesine merged 4 commits into from
Dec 26, 2025
Merged

Support couchapp attachments #143

cesine merged 4 commits into from
Dec 26, 2025
+30 −2

Conversation

@cesine
Copy link
Member

@cesine cesine commented Dec 26, 2025
edited
Loading

closes #142

Couchapp attachments are vulnerable to a permissions escalation https://docs.couchdb.org/en/stable/cve/2021-38295.html

  • use the same csp as _utils for localhost testing
  • add the headers to the proxy so that only signed files can be executed in the couchapps like the prototype that are not writable by users

@cesine cesine enabled auto-merge December 26, 2025 15:21
@cesine cesine merged commit 96778bd into main Dec 26, 2025
3 checks passed
@cesine cesine deleted the support-couchapp-attachments branch December 26, 2025 15:32
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@cesine @MatMath