Our stack: Vue.js frontend using Vuetify component lib; custom Python middleware REST API using Flask + Tornado; Matomo running externally and connected to the frontend using Vue's plugin system (https://github.com/AmazingDreams/vue-matomo). We recently added Matomo to our site and very very rarely we’ve no…
Tag: security
How to make Google Analytics respond to “Do Not Track”
I am planning to put Google Analytics tracking code on my website, but I don’t know how to make it respond to those who send the “Do Not Track” signal. How can I make GA tracking code track those who don’t have the DNT signal while protecting those who have it? Answer I just want to jump in to say…
vuex empty state on logout
Quick story of my problem: Absolutely no data is stored in my vuex state when the page loads. If the user is logged in (or has info stored in window.localStorage and therefore gets auto logged in), my vuex store retrieves all the info from a socket that requires authentication. Then the user logs out, but my vue…
Is there any way to make user uploaded SVG images safe from code injection etc?
I want to display user uploaded SVG images on a website, but they’re quite open to exploits: https://security.stackexchange.com/questions/11384/exploits-or-other-security-risks-with-svg-upload https://security.stackexchange.com/questions/36447/img-tag-vulnerability For example, arbitrary javascript can …
CSRF protection with CORS Origin header vs. CSRF token
This question is about protecting against Cross Site Request Forgery attacks only. It is specifically about: Is protection via the Origin header (CORS) as good as the protection via a CSRF token? Example: Alice is logged in (using a cookie) with her browser to https://example.com. I assume that she uses a mo…
How to store a password as securely in Chrome Extension?
I’m writing a Chrome extension right now which autofills credentials similar to Chrome’s autofill (in which case Chrome’s autofill fails). Is there a secure way to store the username/password in localStorage (all client-side)? If I encrypt the password, won’t the key be locally stored…
What makes an input vulnerable to XSS?
I’ve been reading about XSS and I made a simple form with a text and submit input, but when I execute <script>alert();</script> on it, nothing happens, the server gets that string and that’s all. What do I have to do to make it vulnerable? (then I’ll learn what I shouldn’…