Gandalf/sofarr
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases 15 Wiki Activity
Files
b608fa0337bc005c15ea4652a51e0c88fb913ccd
sofarr/server
History
Gronod b608fa0337 fix(security #12): add helmet security response headers 
Adds X-DNS-Prefetch-Control, X-Frame-Options, X-Content-Type-Options,
Referrer-Policy, X-XSS-Protection, HSTS (in prod) and others.
CSP disabled for now as the SPA uses inline scripts/styles; a
nonce/hash-based policy is a future hardening step.
2026-05-16 16:23:47 +01:00
..
middleware
fix(security #7,#8,#9): signed cookies, isAdmin tamper-proof, schema validation
2026-05-16 16:20:37 +01:00
routes
fix(security #10): sanitize error details to prevent API key leakage
2026-05-16 16:22:11 +01:00
utils
fix(security #10): sanitize error details to prevent API key leakage
2026-05-16 16:22:11 +01:00
index.js
fix(security #12): add helmet security response headers
2026-05-16 16:23:47 +01:00