> For one it had to originate from app.opencode.com No, that was the initial mitigation !...

rafram • today at 4:56 AM • 2 replies • view on HN

> For one it had to originate from app.opencode.com

No, that was the initial mitigation! Before the vulnerability was reported, the server was accessible to the entire world with a wide-open CORS policy.

https://github.com/anomalyco/opencode/commit/7d2d87fa2c44e32...

Replies

ofrzeta • today at 6:00 AM

How is it wide open? Does everything go through a localhost proxy?

➕ show 1 reply

alt Hacker News

Replies