Can a spell being cast via a magic item be considered to be more than one class’ spell at the same time?

Can a spell being cast via a magic item be considered to be more than one class’ spell at the same time? Specifically, items phrased along the lines of “While holding it, you can use an action […] to cast [a spell] from it”, with no ties to a particular class (such as Wand of Magic Missiles, Helm of Teleportation, Wand of Entangle, etc.).

The reason I’m asking this question is it seems like it is possible via an odd interaction quirk of the following rules that I’m aware of, and I wanted to make sure I’m not missing anything:

  • From the answers over on the question of “What makes a spell being cast considered to be a {class} spell?”, the implication is that something is a ‘class spell’ if it is on that class’ spell list.

  • The multiclass spellcasting rules state “Each spell you know and prepare is associated with one of your classes”. However, in an instance where you are a multiclassed character who neither knows nor has prepared the spell from either class, I don’t think this rule would apply, removing the limit of being associated with only one class.

  • My current understanding is that spells cast from magic items can still be considered class spells, as per the answer to “Can a sorcerer spell cast from a magic item trigger a Wild Magic Surge” (plus, they are still on the class’ spell list, as mentioned above).


(For a specific application of where this may matter, consider this example: Could a multiclassed 10th level School of Evocation wizard/1st level Wild Magic sorcerer PC benefit from both Empowered Evocation and Wild Magic Surge on a single cast of magic missile from a Wand of Magic Missiles, assuming that they did not pick up magic missile as a spell via either of their classes? Empowered Evocation and Wild Magic Surge care that the spell being cast is a wizard spell and a sorcerer spell, respectively.)

Why do agents always employ the same algorithm when playing a congestion game?

I’ve been conducting research into congestion games and have come across many papers that study the effects on the outcome of a game played by agents employing a particular algorithm e.g. seeing how quickly Nash equilibrium is approached when using a modified version of fictitious play.

Is there any particular reason as to why there hasn’t been any research conducted that looks into agents using different algorithms playing a single congestion game? For example, agents who uses fictitious play playing alongside agents who use a q-learning algorithm.

How to display the number articles with the same tag inside specific category

I am trying to display the tags that are inside of a specific category. I have this working properly but now I want to show the count next to each tag showing how many articles are in that tag. i.e

tag-name(4) 

I have something that is very close but the problem is that if I have two tags inside a category let’s say apples and oranges, both will show (2), because there are 2 tags in that category in general. I want it to show how many of each tag, like Apples(1), Oranges(2) Here is my code:

 <?php   query_posts('category_name=Health');    if (have_posts()) : while (have_posts()) : the_post();     if( get_the_tag_list() ){         echo get_the_tag_list(); echo"(";echo $  wp_query->found_posts;echo")"; echo '<br>';     }     endwhile; endif;     wp_reset_query(); ?> 

Many thanks in advance.

Does the Zealot Barbarian’s Divine Fury apply multiple times if you focus the same target?

The Path of the Zealot barbarian (Xanathar’s Guide to Everything, p. 11) gets the Divine Fury feature at level 3, which states:

At 3rd level, while you’re raging, the first creature you hit on each of your turns with a weapon attack takes extra damage equal to 1d6 + half your barbarian level. The extra damage is necrotic or radiant; you choose the type of damage when you gain this feature.

The RAI intent seems as though it should be the first successful hit to a creature on your turn deals an additional 1d6 damage, but it doesn’t seem as explicit as Sneak Attack, which states that it only happens once per turn.

Does Divine Fury truly work the same way as the rogue’s Sneak Attack, or can you proc Divine Fury multiple times if you focus fire?

Can a character with the Extra Attack feature and the Crossbow Expert feat shoot a hand crossbow 4 times in the same turn?

In D&D 5e, can a 5th-level fighter shoot a hand crossbow 4 times per turn using the Crossbow Expert feat?

The fighter’s Extra Attack feature says (PHB, p. 72):

Beginning at 5th level, you can attack twice, instead of once, whenever you take the Attack action on your turn.

The Crossbow Expert feat says (PHB, p. 165):

  • You ignore the loading quality of crossbows with which you are proficient.

  • […]

  • When you use the Attack action and attack with a one-handed weapon, you can use a bonus action to attack with a loaded hand crossbow you are holding.

Is the following statement valid?

The fighter is holding a hand crossbow. He begins his turn. He takes an Attack action; using his Extra Attack feature along with the first benefit of Crossbow Expert, he shoots twice during this action. Then he takes a bonus action. Using the last benefit of Crossbow Expert, he makes this an Attack action. He is limited to using a hand crossbow during this action. He shoots twice using his Extra Attack feature. (Assume he can do this with the same hand crossbow.)

It is ambiguous whether "you can use a bonus action to attack" means "you can use a bonus action to take exactly one shot" or "you can use your bonus action for the round as an Attack action". Or even if it does mean "you can use a bonus action to take one shot", it is ambiguous whether it means "an Attack action in which you use a one-handed weapon gives you an opportunity to shoot during your bonus action" or "a one-handed weapon attack made during an Attack action gives you an opportunity to shoot during your bonus action". (One bonus shot per Attack action, or one bonus shot per attack within the Attack action?)

What is the mechanical reason for rolling the same initiative for a group of creatures?

The 5th ed Players handbook states that

The GM makes one roll for an entire group of identical creatures, so each member of the group acts at the same time.

Historically in other systems I have rolled initiative for all NPC’s individually, allowing for the fact some may react quicker then there counterparts.

Has the reason for this bulk rolling of NPCs ever been explained, or is it simply a mechanic to make things run smoother?

Does the same site cookie policy potentially change anything for CORS

According to the new same-site cookie policy (once implemented across all browsers) , a third party call from another page would not send along the cookies by default, unless the third party explicitly indicates that by setting appropriate cookie metadata.

As per my understanding, this would help with CSRF prevention. Does it cover all cases for CSRF ? Can this policy obsolete the same-origin policy since it seems to solve the same problems, or does the same origin policy cover other use cases? Does this potentially mean that we wouldn’t need CORS setup on the servers anymore?

Is it poor practice to host multiple web applications on the same domain, in terms of cookies?

In my web application, I have a single API backend and two frontends written as single page applications. To simplify deployment, I’d like to serve the API on /api, the admin dashboard on /admin, and the end user frontend on /user (or something similar), all on the same domain.

I want to use cookies for handling sessions, for both the end-user and admin apps. Is this a good idea? As I understand it, cookie usage is restricted by their domain. Would it make it simpler for an attacker to steal admin-session cookies from someone logged into both frontends? Or, should I use different domains for the admin and user frontends (admin.mydomain.com and user.mydomain.com)?

Serving “less trusted” content on the same domain

Let’s say we run a web app at "example.org". It uses cookies for user authentication.

Our website also has a blog at "example.org/blog", hosted by a third party. Our load balancer routes all requests to "/blog" (and subpaths) to our blog host’s servers. We don’t distrust them, but we’d prefer if security issues with the blog host can’t affect our primary web app.

Here are the security concerns I’m aware of, along with possible solutions.

  1. The requests to the blog host will contain our user’s cookies.
    • Solution: Have the load balancer strip cookies before forwarding requests to the blog host.
  2. An XSS on the blog allows the attacker to inject JS and read the cookie.
    • Solution: Use "HTTP-only" cookies.
  3. An XSS on the blog allows the attacker to inject JS and make an AJAX request to "example.org" with the user’s cookies. Because of the same origin policy, the browser allows the attacker’s JS to read the response.
    • Solution: Have the load balancer add some Content-Security-Policy to the blog responses? What’s the right policy to set?
    • Solution: Suborigins (link) looks nice, but we can’t depend on browser support yet.

Is there a way do safely host the blog on the same domain?