mirror of
https://github.com/coollabsio/coolify.git
synced 2026-03-11 08:55:47 +00:00
Never trust Livewire component properties for authorization decisions, as snapshots can be replayed from another user's session. Re-evaluate all permission checks fresh using auth()->user()->can() against current policies to ensure the authenticated user is being authorized, not a replayed copy. - Replace cached canUse* booleans with fresh policy evaluation - Add comprehensive security tests for token creation permissions - Update API authorization tests to verify middleware blocking behavior |
||
|---|---|---|
| .. | ||
| Browser | ||
| Feature | ||
| Traits | ||
| Unit | ||
| v4 | ||
| CreatesApplication.php | ||
| DuskTestCase.php | ||
| Pest.php | ||
| TestCase.php | ||