Heuristic estimate (AI scoring not configured). SecureBananaLabs/bug-bounty: CORS configured with no origin restrictions — allows any domain shows 0 engagement on ghbounties. Buildability is inferred from the description; add an AI gateway key for a tailored read.
A starter prompt for Claude Code, what you'll need, and how to reach them.
Build a minimal version of "SecureBananaLabs/bug-bounty: CORS configured with no origin restrictions — allows any domain". Read the original at https://github.com/SecureBananaLabs/bug-bounty/issues/1774 for the exact requirements, then scaffold a Next.js + Tailwind app, implement the smallest valuable slice first, and ship it. (Enable AI scoring for a tailored, detailed prompt.)
Bounty (amount on the issue).

## Security: Unrestricted CORS Policy

**Description:** The Express app uses `cors()` with no configuration, allowing requests from any origin. In a production freelance platform, this should be restricted to trusted domains.

**File:** `apps/api/src/app.js`

**Current code:**

```js
app.use(cors());
```

**Expected behavior:** CORS should be configured with an explicit allowlist of permitted origins, or at minimum read from an environment variable.

**Impact:** Medium — could enable cross-origin attacks in production if the API is exposed publicly.

This issue is limited only to the creator of this issue. This means that only the issue author can attempt to solve this issue. If you would like to work on it, please create another issue with the same contents and refer to issue #743 for more information.
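One way to implement the expected behavior described in the issue, as an added example that is not part of the original issue or the project's code. The environment variable name `CORS_ALLOWED_ORIGINS` and the helper names are assumptions; the `origin` callback option is the one the `cors` middleware accepts.

```javascript
// Added example. CORS_ALLOWED_ORIGINS is an assumed variable name, e.g.
//   CORS_ALLOWED_ORIGINS="https://app.example.com,https://admin.example.com"

// Parse a comma-separated list into a Set of exact origins, failing closed on bad entries.
function parseAllowedOrigins(raw) {
  const allowed = new Set();
  for (const entry of (raw || '').split(',')) {
    const value = entry.trim().replace(/\/$/, '');
    if (!value) continue;
    // Wildcards would never match the exact comparison below; reject them loudly.
    if (value.includes('*')) throw new Error(`Wildcard not allowed: ${value}`);
    let url;
    try {
      url = new URL(value);
    } catch {
      throw new Error(`Invalid origin: ${value}`);
    }
    // Browsers send scheme://host[:port] in canonical form, so require exactly that
    // (no path, no default port, lowercase host, no opaque "null" origin).
    if (url.origin === 'null' || url.origin !== value) {
      throw new Error(`Not a canonical origin: ${value}`);
    }
    allowed.add(url.origin);
  }
  return allowed;
}

// Build the options object passed to cors(); `env` is injectable for testing.
function buildCorsOptions(env = process.env) {
  const allowed = parseAllowedOrigins(env.CORS_ALLOWED_ORIGINS);
  if (allowed.size === 0) {
    throw new Error('CORS_ALLOWED_ORIGINS is empty; refusing to fall back to an open policy');
  }
  return {
    // cors passes the request's Origin header here (undefined when the header is absent).
    // Answering false omits the CORS response headers for that request.
    origin(requestOrigin, callback) {
      callback(null, allowed.has(requestOrigin));
    },
  };
}

// In apps/api/src/app.js, replacing app.use(cors()):
//   app.use(cors(buildCorsOptions()));
```

With `cors`, a request from an unlisted origin still reaches the route handlers; the response only lacks the `Access-Control-Allow-Origin` header, so the browser withholds it from the calling script.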
Comment /attempt on the GitHub issue, then open a PR to claim the bounty.