Security
Security matters when you deploy an Iridium application to production. HTMX and Alpine.js can unintentionally allow malicious actions if they are not handled properly.
We recommend reading through this section before deploying your Iridium application and whenever you start writing custom components or your own plugins.
Logging Users out
We recommend using the LogoutUser method on Iridium's base context to clean up and log out users properly. That method invalidates the user's session and clears any session variables that could expose data to a malicious person (HTMX's history cache, for example).
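What a complete logout has to cover, sketched as an added example: this is not Iridium's LogoutUser implementation, and the in-memory session store, the `sid` cookie name, the `/login` path and the function names are all assumptions made for illustration.

```javascript
// Added example; every name here (sessions, sid, /login, logout) is hypothetical.
const sessions = new Map(); // constructed in-memory session store: id -> session data

// Parse a Cookie request header into a plain object of name -> raw value.
function parseCookies(header = "") {
  const out = {};
  for (const part of header.split(";")) {
    const i = part.indexOf("=");
    if (i > 0) out[part.slice(0, i).trim()] = part.slice(i + 1).trim();
  }
  return out;
}

// Node-style (req, res) logout handler. Returns true if a session cookie was present.
function logout(req, res) {
  const sid = parseCookies(req.headers.cookie).sid;
  // 1. Invalidate server-side, so a copied cookie value stops working.
  if (sid) sessions.delete(sid);
  // 2. Expire the cookie in the browser.
  res.setHeader("Set-Cookie", "sid=; Path=/; Max-Age=0; HttpOnly; Secure; SameSite=Lax");
  // 3. Ask the browser to drop cached pages and localStorage for this origin,
  //    which includes the htmx history cache (honoured on HTTPS origins).
  res.setHeader("Clear-Site-Data", '"cache", "storage"');
  res.setHeader("Cache-Control", "no-store");
  // 4. htmx requests carry HX-Request: true; answer with HX-Redirect so the
  //    client does a full navigation instead of swapping a fragment into
  //    a page that still shows the previous user's data.
  if (req.headers["hx-request"] === "true") {
    res.statusCode = 200;
    res.setHeader("HX-Redirect", "/login");
  } else {
    res.statusCode = 303;
    res.setHeader("Location", "/login");
  }
  res.end();
  return Boolean(sid);
}

// Client-side fallback for browsers that ignore Clear-Site-Data.
function clearHtmxHistory(storage) {
  storage.removeItem("htmx-history-cache");
}
```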
Recommended Readings
- HTMX's security section.
- Alpine.js CSP docs.
- Web Security Basics with HTMX - Alexander Petros.
Reporting Security Vulnerabilities
Did you find a vulnerability? Please report it directly to the project maintainers on GitHub.
- We ask that you don't share your finding(s) publicly until after we've pushed a fix.
- We kindly ask that you put in some legwork to describe how you uncovered the issue and how it can be replicated. Entirely AI-generated submissions will be ignored.