top | item 46594373 (no title) throw_me_uwu | 1 month ago WTF, they not just made unauthenticated RCE http endpoint, they also helpfully added CORS bypass for it... all in CLI tool? That silently starts http server?? discuss order hn newest never_inline|1 month ago Someone tell the AI labs to stop training on tutorial code. Hamuko|1 month ago I'm slightly surprised that the CORS policy wasn't just "*" considering how wide open the server itself was. throw_me_uwu|1 month ago That's the point, it was!https://github.com/anomalyco/opencode/commit/7d2d87fa2c44e32... gpm|1 month ago It seems like it was prior to 1.0.216? Bridged7756|1 month ago Just run it in a sandbox, bro. lifetimerubyist|1 month ago It’s a vibe, bro.
Hamuko|1 month ago I'm slightly surprised that the CORS policy wasn't just "*" considering how wide open the server itself was. throw_me_uwu|1 month ago That's the point, it was!https://github.com/anomalyco/opencode/commit/7d2d87fa2c44e32... gpm|1 month ago It seems like it was prior to 1.0.216?
throw_me_uwu|1 month ago That's the point, it was!https://github.com/anomalyco/opencode/commit/7d2d87fa2c44e32...
never_inline|1 month ago
Hamuko|1 month ago
throw_me_uwu|1 month ago
https://github.com/anomalyco/opencode/commit/7d2d87fa2c44e32...
gpm|1 month ago
Bridged7756|1 month ago
lifetimerubyist|1 month ago