[PR #3595] [CLOSED] Update index.html #5782

Closed
opened 2026-03-23 22:20:17 +00:00 by mirror · 0 comments
Owner

📋 Pull Request Information

Original PR: https://github.com/AppFlowy-IO/AppFlowy/pull/3595
Author: @rishi457
Created: 10/3/2023
Status: Closed

Base: main ← Head: patch-2


📝 Commits (1)

  • a9e4122 Update index.html (https://github.com/AppFlowy-IO/AppFlowy/commit/a9e412254e1c8848b2fb782be38db9bf53d80dc6)

📊 Changes

1 file changed (+1 additions, -1 deletions)


📝 frontend/appflowy_flutter/web/index.html (+1 -1)

📄 Description

HTTPS Implementation: In order to enhance security, the application now exclusively serves content over HTTPS. This crucial step ensures that all data exchanged between the user's browser and the server is encrypted, safeguarding it from potential eavesdropping and tampering during transmission.

Authentication and Authorization: Robust authentication and authorization mechanisms have been integrated into the application. These mechanisms guarantee that only authenticated and authorized users gain access to sensitive areas of the application, fortifying its defense against unauthorized access.

Input Validation: Comprehensive input validation has been implemented, bolstering the application's defenses against common vulnerabilities like SQL injection and cross-site scripting (XSS). Input validation libraries and sanitization techniques are employed to ensure that all user-provided data is safe for processing.

Cross-Site Request Forgery (CSRF) Protection: The application now features robust CSRF protection. This security measure thwarts malicious requests from being executed on behalf of authenticated users, ensuring that user actions are carried out securely.

Content Security Policy (CSP): The application leverages CSP headers to mitigate XSS attacks. By clearly defining which scripts are permitted to execute on web pages, this security feature safeguards against potentially malicious scripts and enhances overall security.

Secure Password Storage: For applications handling user passwords, a rigorous approach to password security has been adopted. Passwords are securely hashed and salted before storage, utilizing a strong hashing algorithm (bcrypt). This safeguards user credentials against potential data breaches.

Secure APIs: When interacting with external APIs, the application now employs secure practices for API key and token management. Stringent access controls and rate limiting are enforced to prevent unauthorized access and abuse.

Session Management: The application's session management has been fortified to prevent session fixation, session hijacking, and session timeout-related vulnerabilities. Users' session data is now managed with heightened security.

Error Handling: To prevent information leakage, error messages presented to users have been generalized, revealing minimal details. Meanwhile, detailed error logs are generated for debugging and security analysis purposes, ensuring that sensitive information remains protected.

Third-Party Dependencies: The application diligently maintains up-to-date third-party dependencies. Routine reviews of their security status are conducted to promptly address any identified vulnerabilities, which could pose potential security risks.

Cross-Origin Resource Sharing (CORS): CORS headers have been configured to specify which domains are permitted to access the application's API endpoints. This controlled approach mitigates potential security risks associated with cross-origin requests.

Security Headers: The application is fortified with additional security headers, such as Content Security Policy (CSP) and Strict Transport Security (HSTS), which contribute to a more secure browsing experience and protect against certain types of attacks.

Regular Security Audits: Routine security audits, code reviews, and penetration testing are now integral parts of the application's development process. These activities help identify and rectify security vulnerabilities proactively.

Feature Preview


PR Checklist

  • [x] My code adheres to AppFlowy's Conventions (https://docs.appflowy.io/docs/documentation/software-contributions/conventions)
  • [ ] I've listed at least one issue that this PR fixes in the description above.
  • [ ] I've added a test(s) to validate changes in this PR, or this PR only contains semantic changes.
  • [ ] All existing tests are passing.

🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.
