This is crazy, friends told me apple was good on this, before we had to get a phone for our self, I now think they simply don't understand whats happening. It looks fine to non-tech parents i guess.
The question is, what can be used as an alternative?
I had first tried an old Android phone, but theres no way to disable app store, so kid figured out he can watch app store videos with no limit...
Same here, funadocs also integrates OpenAPI seamlessly and you can use blocks of the OpenAPI operations in your actual documentation which is perfect for writing developer guides.
This CVE is a joke, there is no attack vector. If an attacker is able to create an object with an executable function in the scope claimed in the CVE, he may just run the malicious code himself.
This is crazy, heres a video what happens after deleting and opening your URL.
https://www.youtube.com/watch?v=DMY7Z9Fe0ic
Before testing that I had the app itself removed months ago...
I call BS, it's the responsibility of the server to check Host headers and implement CORS. All browser provide these security measurements. There are valid use cases for having domain aliases for local ips.