pages/[team]/settings/index.vue#L105

Hi team,

This time i founded this vulnerability in your website:
https://nuxtjs.org/

Click jacking (User Interface redress attack, UI redress attack, UI redressing) is a malicious technique of tricking a Web user into clicking on something different from what the user perceives they are clicking on, thus potentially revealing confidential information or taking control of their computer while clicking on seemingly innocuous web pages.

The server didn't return an X-Frame-Options header which means that this website could be at risk of a click jacking attack. The X-Frame-Options HTTP response header can be used to indicate whether or not a browser should be allowed to render a page in a or <iframe>. Sites can use this to avoid click jacking attacks, by ensuring that their content is not embedded into other sites.

This vulnerability affects Web Server.

Here are the steps to reproduce the vulnerability:

1.open notepad and paste the following code.

This is clickjacking vulnerable

2.save it as .html eg s.html

3.and just simply open that...

OR
Copy the link below and paste on your updated browser (Chrome,Firefox).
https://clickjacker.io/test?url=https://nuxtjs.org/
As far as i know this data is enough to prove that your site is vulnerable to Click jacking
according to OWASP its more than enough.

https://www.owasp.org/index.php/Testing_for_Clickjacking_(OWASP-CS-004)

SOLUTION:

https://www.owasp.org/index.php/Clickjacking_Defense_Cheat_Sheet

Check this out and here is the solution for that.

I Hope that you will fix this issue as soon as possible. Looking forward to hear from you. Thank you

Sincerely,
Hassan Raza

When using <component :is="$attrs.onSubmit ? 'form': 'div'"> it seems $attrs is not populated on server-side

Same thing as #22

Adding avatar no longer works on create or update team

Since the ui lib now uses the new version of Nuxt Color Mode, we'll need to add a ThemeSelect component https://github.com/docusgen/docus.com/blob/dev/components/atoms/ThemeSelect.vue and add it in the dropdown like on Docus:

With message: application error, no access_token
https://volta.s3.fr-par.scw.cloud/cancel_githup_auth_16e24dd88b.mp4

When we moved from UnoCSS to TailwindCSS, we lost the ability to parse and bundle iconify-json through UnoCSS parser. With no idea on how to achieve the same behaviour with TailwindCSS, we made use of iconify-vue to load icons on the fly: https://github.com/nuxtlabs/ui/blob/dev/src/runtime/components/elements/Icon.vue

https://github.com/docusgen/docus.com/blob/dev/pages/_team/settings/index.vue#L3

nuxt-modules/color-mode#127

The http call can be left commented for now. However, the confirm method: https://github.com/docusgen/docus.com/blob/dev/pages/_team/settings/index.vue#L206, should be replaced by the AlertDialog component: https://github.com/nuxtlabs/nuxt.com/blob/dev/pages/account/teams.vue#L78

https://github.com/nuxtlabs/nuxt.com/blob/50dfa20bb1daaee2a72daa521bd0b8813b9598b5/pages/account/teams.vue#L120

https://volta.s3.fr-par.scw.cloud/Clean_Shot_2022_02_10_at_13_23_25_55c00268bc.mp4

https://vueuse.org/core/useClipboard/

This component should handle templates fetching and could be called components/templates/projects/ProjectsListPlaceholder.vue

https://tailwindui.com/components/application-ui/forms/sign-in-forms#component-bc08eb211afa45fad7c9f89c1891f284

For example, when going to /teams/invite the user might not be logged and will be redirected to /login. We should store the redirect cookie to be redirected to /teams/invite.

When i remove a member in [team]/settings/members, the member is deleted but if i refresh the page it reappear

No toast is displayed on strapi:error when 405.
After logging the Strapi4Error of strapi.client.js, it seems the error object is not the same between 405 and 403 for example, causing a crash on title: e.error.name, description: e.error.message accesses.

https://vercel.com/account/login-connections

When using useAsyncData, the http call is made on server and on client.

We'll have to mock the API for now

1. Select repository
2. Project form (name, team, ...)

1. Select a template
2. Create git repository
3. Project form (name, team, ...)

When going to /teams/invite?code=: https://github.com/docusgen/docus.com/blob/dev/pages/teams/invite.vue