Dokploy/dokploy
1
0
Fork 0
mirror of https://github.com/Dokploy/dokploy.git synced 2026-06-30 03:25:22 +02:00
Code Issues Packages Projects Releases Wiki Activity
Files
8b6481501e6e379b9ce32c4da4201fcb7a65364a
dokploy/apps/dokploy
History
viky 8b6481501e fix: add method="post" to auth forms to prevent credential leak in URL (#4683) 
Auth forms (login, register, 2FA, backup-code, reset-password) had no
method attribute, defaulting to GET. react-hook-form's handleSubmit
preventDefault()s only after hydration; submitting in the pre-hydration
or no-JS window triggers a native GET to the current URL, leaking
email/password into the URL, history, access logs and Referer header.

Setting method="post" makes the native fallback a POST so credentials
go in the request body instead. Normal JS submit path is unchanged.
Verified in a browser: GET (?email&password) -> POST (clean URL).

Co-authored-by: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-06-29 12:03:13 -06:00
..
__test__
Feat/concurrent deployments in memory queue (#4645)
2026-06-16 23:15:19 -06:00
components
feat: enhance TLS certificate selection UI in AddDomain component (#4705)
2026-06-29 12:01:26 -06:00
docker
drizzle
Feat/concurrent deployments in memory queue (#4645)
2026-06-16 23:15:19 -06:00
hooks
Merge branch 'canary' into feat/libsql
2026-03-19 11:20:22 -06:00
lib
[autofix.ci] apply automated fixes
2026-04-05 02:29:17 +00:00
pages
fix: add method="post" to auth forms to prevent credential leak in URL (#4683)
2026-06-29 12:03:13 -06:00
public
Replace logo.svg with updated SVG design
2026-02-04 11:10:13 -03:00
scripts
🚀 Release v0.29.5 (#4475)
2026-05-22 17:21:12 -06:00
server
fix: resolve server from parent entity in deployment.readLogs (#4689)
2026-06-29 11:10:19 -06:00
styles
feat(dashboard): replace Chatwoot widget with HubSpot widget in dashboard layout
2025-12-09 16:46:29 -06:00
templates
fix: replace traefik.me with sslip.io for auto-generated domains
2026-05-08 19:04:24 -06:00
types
[autofix.ci] apply automated fixes
2025-07-14 15:30:24 +09:00
utils
feat(validation): enhance destination path validation in file upload schema
2026-05-09 00:57:12 -06:00
.dockerignore
.env.example
Fix newline at end of .env.example file
2025-11-25 12:02:52 -05:00
.env.production.example
chore(env): remove hardcoded DATABASE_URL from production example file
2026-01-21 16:56:30 +01:00
.gitignore
components.json
esbuild.config.ts
fix(esbuild): update path for migrate-auth-secret script
2026-05-11 11:34:21 -06:00
logo.png
migration.ts
refactor(db): centralize database URL configuration by importing dbUrl from constants
2026-01-21 17:33:06 +01:00
next.config.mjs
chore(dependencies): update zod version across multiple packages to 3.25.76 and remove unused i18next dependencies
2026-02-16 02:09:33 -06:00
package.json
chore: bump dokploy version to v0.29.8
2026-06-06 15:08:52 -06:00
postcss.config.cjs
reset-2fa.ts
refactor(auth): replace findAdmin with findOwner in user management logic and update role-based permissions in the dashboard
2025-12-07 02:51:03 -06:00
reset-password.ts
refactor(auth): replace findAdmin with findOwner in user management logic and update role-based permissions in the dashboard
2025-12-07 02:51:03 -06:00
setup.ts
chore: Reorder and clean up imports, update openapi schema, and improve
2026-02-16 14:01:00 +05:30
tailwind.config.ts
fix(config): the min- and max- variants are not supported with a screens configuration containing mixed units
2025-07-09 18:17:32 +07:00
tsconfig.json
chore(dependencies): update zod version across multiple packages to 3.25.76 and remove unused i18next dependencies
2026-02-16 02:09:33 -06:00
tsconfig.server.json
refactor: remove save on build on next app and integrate turbopack
2024-10-24 23:13:24 -06:00
wait-for-postgres.ts
feat(dokploy): add wait-for-postgres script and update Dockerfile and package.json
2026-02-08 15:43:58 -06:00