AI Added a Route That Bypasses Auth Middleware
AI registered a new endpoint outside the authenticated route group, exposing internal data without checks. Detect the gap and enforce auth as a default.
Articles tagged with #Security
You enabled HSTS preload then needed to roll back. Browsers still force HTTPS for years. Understand why, and what limited recovery actually exists.
`.env` or API key swept into a commit by `git add .`. Rotate first (always), then prevent: ban broad `git add`, install secret scanner, gitignore.
Firebase config audit prompts — Firestore / Realtime DB / Storage rules, indexes, Cloud Functions, Auth, App Check, hosting.
Supabase Row-Level Security review prompts — auth.uid() checks, role policies, INSERT/UPDATE/DELETE coverage, storage bucket RLS, function security.