nuxt / nuxt.com
The Nuxt website, made with Nuxt.
Home Page: https://nuxt.com
License: MIT License
Since the ui lib now uses the new version of Nuxt Color Mode, we'll need to add a ThemeSelect component https://github.com/docusgen/docus.com/blob/dev/components/atoms/ThemeSelect.vue and add it in the dropdown like on Docus:
When we moved from UnoCSS to TailwindCSS, we lost the ability to parse and bundle iconify-json through UnoCSS parser. With no idea on how to achieve the same behaviour with TailwindCSS, we made use of iconify-vue to load icons on the fly: https://github.com/nuxtlabs/ui/blob/dev/src/runtime/components/elements/Icon.vue
With message: application error, no access_token
https://volta.s3.fr-par.scw.cloud/cancel_githup_auth_16e24dd88b.mp4
No toast is displayed on strapi:error when 405.
After logging the Strapi4Error of strapi.client.js, it seems the error object is not the same between 405 and 403 for example, causing a crash on title: e.error.name, description: e.error.message accesses.
Same thing as #22
pages/[team]/settings/index.vue#L105
Adding avatar no longer works on create or update team
When I remove a member in [team]/settings/members, the member is deleted, but if I refresh the page it reappears
When using useAsyncData, the http call is made on server and on client.
When using <component :is="$attrs.onSubmit ? 'form': 'div'"> it seems $attrs is not populated on server-side
For example, when going to /teams/invite the user might not be logged and will be redirected to /login. We should store the redirect cookie to be redirected to /teams/invite.
When going to /teams/invite?code=: https://github.com/docusgen/docus.com/blob/dev/pages/teams/invite.vue
Hi team,
This time I found this vulnerability in your website:
https://nuxtjs.org/
Click jacking (User Interface redress attack, UI redress attack, UI redressing) is a malicious technique of tricking a Web user into clicking on something different from what the user perceives they are clicking on, thus potentially revealing confidential information or taking control of their computer while clicking on seemingly innocuous web pages.
The server didn't return an X-Frame-Options header which means that this website could be at risk of a click jacking attack. The X-Frame-Options HTTP response header can be used to indicate whether or not a browser should be allowed to render a page in a <frame> or <iframe>. Sites can use this to avoid click jacking attacks, by ensuring that their content is not embedded into other sites.
This vulnerability affects Web Server.
Here are the steps to reproduce the vulnerability:
1. Open notepad and paste the following code.
<title>i Frame</title>
2. Save it as .html, e.g. s.html
3. And just simply open that...
OR
Copy the link below and paste on your updated browser (Chrome, Firefox).
https://clickjacker.io/test?url=https://nuxtjs.org/
As far as I know this data is enough to prove that your site is vulnerable to click jacking;
according to OWASP it's more than enough.
https://www.owasp.org/index.php/Testing_for_Clickjacking_(OWASP-CS-004)
SOLUTION:
https://www.owasp.org/index.php/Clickjacking_Defense_Cheat_Sheet
Check this out and here is the solution for that.
I hope that you will fix this issue as soon as possible. Looking forward to hearing from you. Thank you
Sincerely,
Hassan Raza
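A header check for the missing-header condition this report describes, as an added example that is not part of the original issue or the Nuxt project's code: it classifies a response's X-Frame-Options and CSP frame-ancestors headers the way current browsers evaluate them. The function name and the sample headers are constructed for illustration.

```javascript
// Added example, not from the issue or the Nuxt code base.
// Input: response headers as an object with lower-cased names (constructed samples below).
function framingPolicy(headers) {
  // An enforced CSP frame-ancestors directive makes browsers ignore X-Frame-Options.
  // The Report-Only CSP header is deliberately not consulted: it blocks nothing.
  const csp = headers['content-security-policy'] || '';
  for (const directive of csp.split(/[;,]/)) { // ',' separates merged policies
    const [name, ...sources] = directive.trim().split(/\s+/);
    if (name.toLowerCase() !== 'frame-ancestors') continue;
    const list = sources.map((s) => s.toLowerCase());
    if (list.length === 0 || (list.length === 1 && list[0] === "'none'")) {
      return 'protected: framing denied';
    }
    if (list.some((s) => s === '*' || s === 'http:' || s === 'https:')) {
      return 'unprotected: frame-ancestors allows arbitrary origins';
    }
    return 'protected: framing limited to ' + list.join(' ');
  }
  // X-Frame-Options values are compared case-insensitively as a comma-separated set.
  const xfo = new Set((headers['x-frame-options'] || '').split(',')
    .map((v) => v.trim().toLowerCase()).filter(Boolean));
  if (xfo.size === 0) return 'unprotected: no anti-framing header';
  if (xfo.size > 1) {
    // Conflicting values fail closed only if at least one recognised value is present.
    const known = ['deny', 'sameorigin', 'allowall'].some((v) => xfo.has(v));
    return known ? 'protected: conflicting values, framing denied'
      : 'unprotected: X-Frame-Options value does not restrict framing';
  }
  if (xfo.has('deny')) return 'protected: framing denied';
  if (xfo.has('sameorigin')) return 'protected: same-origin framing only';
  // ALLOW-FROM and any other value are ignored by current browsers.
  return 'unprotected: X-Frame-Options value does not restrict framing';
}

// Constructed sample responses.
const samples = [
  {},
  { 'x-frame-options': 'SAMEORIGIN' },
  { 'x-frame-options': 'ALLOW-FROM https://partner.example' },
  { 'content-security-policy': "default-src 'self'; frame-ancestors 'none'" },
];
for (const h of samples) console.log(JSON.stringify(h), '->', framingPolicy(h));
```
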
The http call can be left commented for now. However, the confirm method: https://github.com/docusgen/docus.com/blob/dev/pages/_team/settings/index.vue#L206, should be replaced by the AlertDialog component: https://github.com/nuxtlabs/nuxt.com/blob/dev/pages/account/teams.vue#L78
This component should handle templates fetching and could be called components/templates/projects/ProjectsListPlaceholder.vue
We'll have to mock the API for now