Ops-dashboard/app
Scrum4Me Agent aa1fd41bec feat(security): rate-limit /api/flows/start, CSRF double-submit cookie, CSP headers
- Rate-limit /api/flows/start to 10 req/min per user (in-memory, matches login pattern)
- Add middleware.ts: validates x-csrf-token header against csrf_token cookie on all
  API POST requests; issues the cookie on GET if missing; sets CSP, X-Frame-Options,
  X-Content-Type-Options, and Referrer-Policy on all responses
- Add lib/csrf.ts: client-side apiFetch() wrapper that injects the CSRF header
- Update all client components (login, useFlowRun, docker, caddy, git, systemd)
  to use apiFetch() for POST requests
- Cookie config in login route already correct (NODE_ENV check, httpOnly, sameSite=strict)

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-05-13 20:01:43 +02:00
api feat(security): rate-limit /api/flows/start, CSRF double-submit cookie, CSP headers 2026-05-13 20:01:43 +02:00
audit feat(audit): add /audit list and /audit/[flow_run_id] detail pages 2026-05-13 18:00:37 +02:00
caddy feat(security): rate-limit /api/flows/start, CSRF double-submit cookie, CSP headers 2026-05-13 20:01:43 +02:00
docker feat(security): rate-limit /api/flows/start, CSRF double-submit cookie, CSP headers 2026-05-13 20:01:43 +02:00
flows feat(flows): add update_caddy_config flow with validate, reload/force-restart, and smoke test 2026-05-13 19:54:03 +02:00
git feat(security): rate-limit /api/flows/start, CSRF double-submit cookie, CSP headers 2026-05-13 20:01:43 +02:00
login feat(security): rate-limit /api/flows/start, CSRF double-submit cookie, CSP headers 2026-05-13 20:01:43 +02:00
systemd feat(security): rate-limit /api/flows/start, CSRF double-submit cookie, CSP headers 2026-05-13 20:01:43 +02:00
favicon.ico feat: Next.js + Tailwind + shadcn/ui project skeleton 2026-05-13 16:59:21 +02:00
globals.css feat: Next.js + Tailwind + shadcn/ui project skeleton 2026-05-13 16:59:21 +02:00
layout.tsx feat: Next.js + Tailwind + shadcn/ui project skeleton 2026-05-13 16:59:21 +02:00
page.tsx feat: Next.js + Tailwind + shadcn/ui project skeleton 2026-05-13 16:59:21 +02:00