Delano
A WIP preparation branch for 1.0 code. Lots of movement upfront, but some items will go back to where they were after we finish cleaning the floor. Like lifting the...
## Otto - Feature Cole's notes ### Custom parameters **Custom parameters** in Otto routes are just arbitrary key=value pairs you add after the target. Otto parses them and makes them...
## Background OneTimeSecret currently has basic email/password auth and API tokens, suitable for hobbyists but limiting for serious deployments. 80% of self-hosters want zero auth complexity, while the remaining 20%...
## Problem PostgreSQL schema enables Row Level Security (RLS) on sensitive tables but doesn't define any access policies. **Location**: PostgreSQL migration schema lines 299-306 **Current state**: ```sql ALTER TABLE account_password_hashes...
## Problem The auth service contains hardcoded default secrets that pose a critical security risk in production environments: **Location**: `apps/web/auth/auth.rb` lines 21, 23, 49 ## Risk - **Critical**: Predictable secrets...
**Description:** The global banner currently displays on all instances of the application, including non-canonical sites. This behaviour may lead to confusion or miscommunication for users accessing non-canonical instances (e.g. custom...
## Problem Statement The CustomDomain model experienced a critical bug where domains could be created but never loaded back, causing numerous test failures and preventing proper domain functionality. This was...
## Overview This issue tracks security vulnerabilities, high-priority bugs, and code quality issues identified during the review of [PR #1541 - Fix OnetimeWindow functionality and enhance UI error handling](https://github.com/onetimesecret/onetimesecret/pull/1541). The...
## Description We need to implement handling for emails rejected due to recipients being on Amazon SES suppression list. Currently when sending emails through SES, if a recipient is on...