[BUG] [GSSoC'26] express-session cookie lacks httpOnly, Secure, and SameSite flags: all authenticated sessions are vulnerable to XSS hijack and CSRF #442
```yaml
name: Auto Label Issues and PRs
on:
  issues:
    types: [opened]
  pull_request_target: # Correct indentation here
    types: [opened]
jobs:
  add-labels:
    runs-on: ubuntu-latest
    steps:
      - name: Add labels to new issues
        if: github.event_name == 'issues'
        uses: actions-ecosystem/action-add-labels@v1
        with:
          github_token: ${{ secrets.GITHUB_TOKEN }} # Use GITHUB_TOKEN for issues
          labels: |
            gssoc26
      - name: Add labels to new pull requests
        if: github.event_name == 'pull_request_target'
        uses: actions-ecosystem/action-add-labels@v1
        with:
          github_token: ${{ secrets.GITHUB_TOKEN }} # Use GITHUB_TOKEN for PRs
          labels: |
            level:intermediate
            quality:clean
            type:accessibility
            gssoc:approved
```