mirror of
https://github.com/coollabsio/coolify.git
synced 2026-03-11 08:55:47 +00:00
Never trust Livewire component properties for authorization decisions, as snapshots can be replayed from another user's session. Re-evaluate all permission checks fresh using auth()->user()->can() against current policies to ensure the authenticated user is being authorized, not a replayed copy. - Replace cached canUse* booleans with fresh policy evaluation - Add comprehensive security tests for token creation permissions - Update API authorization tests to verify middleware blocking behavior |
||
|---|---|---|
| .. | ||
| Api | ||
| Application | ||
| Auth | ||
| Authorization | ||
| EnvironmentVariable | ||
| Helpers | ||
| Jobs | ||
| Proxy | ||
| Security | ||
| Server | ||
| Service | ||
| Team | ||