Security vulnerabilities and automated fixes for cross origin issues
1 post found
A medium-severity vulnerability was discovered in `frontend/resources/js/bridge.js` where `window.postMessage()` was configured with a wildcard (`"*"`) as the target origin, potentially allowing any malicious website to intercept sensitive messages. This misconfiguration opens the door to information disclosure attacks by removing all origin-based restrictions on who can receive cross-frame communications. The fix restricts message delivery to only trusted, explicitly defined origins — closing a