WTF, they not just made unauthenticated RCE http endpoint, they also helpfully added CORS bypass for it... all in CLI tool? That silently starts http server??

▲

Hamuko 8 hours ago | parent | next [-]

I'm slightly surprised that the CORS policy wasn't just "*" considering how wide open the server itself was.

	▲	throw_me_uwu 8 hours ago \| parent \| next [-]
		That's the point, it was! https://github.com/anomalyco/opencode/commit/7d2d87fa2c44e32...
	▲	gpm 8 hours ago \| parent \| prev [-]
		It seems like it was prior to 1.0.216?

▲

lifetimerubyist 3 hours ago | parent | prev [-]

It’s a vibe, bro.