[wrong target branch] #52
Improvements
|
||
export default async function (req: Request, res: Response) { | ||
const userError = (message: string) => { | ||
res.status(400).send(message); |
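Review bot: `userError` writes its `message` argument verbatim into the 400 response at `res.status(400).send(message)`, so any caller that passes a caught error's message or stack discloses server internals to the client, which is what the CodeQL alert on this line reports. The callers are not visible in this hunk; restrict `userError` to fixed, hand-written strings, and for caught exceptions log the details server-side and send a generic message instead.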
Check warning
Code scanning / CodeQL
Information exposure through a stack trace Medium
stack trace information
event, | ||
}; | ||
|
||
window.postMessage(message, "*"); |
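Review bot: `window.postMessage(message, "*")` uses the wildcard target origin, so the message, which carries `event`, is delivered whatever origin the window holds at that moment. Pass the expected origin as the second argument (for a listener on the same page, `window.location.origin`) and have the receiving listener check `event.origin` before acting on the message.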
Check warning
Code scanning / CodeQL
Cross-window communication with unrestricted target origin Medium
Sensitive data
mixpanel.track(eventName, { ...others, distinct_id: userId }); | ||
} | ||
|
||
res.status(200).send(userId); |
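Review bot: `res.status(200).send(userId)` echoes `userId` back as the response body without validation or an explicit content type, and the CodeQL alert classifies the value as reflected from the request. If `res` is an Express response, a string passed to `send` goes out as `text/html`, so markup in the value would be rendered by a browser. Return it with `res.json({ userId })` or call `res.type("text/plain")` first, and validate `userId` against the expected id format before it reaches `mixpanel.track` and the response.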
Check warning
Code scanning / CodeQL
Reflected cross-site scripting Medium
Previously the user id was passed as a cookie. Due to some security limitations, it wasn't included in subsequent calls. And I couldn't find a quick workaround for it.
I refactored the code to
(`sendEvent` function takes care of these).