CooperandGoodman/yolkbook
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
f6cc7a606e38b15f7a3a347b81bdedc7cbdfa94f
yolkbook/backend
History
derekc f6cc7a606e Harden security: CORS, XSS, rate limiting, CSP, SRI 
- Lock down CORS to ALLOWED_ORIGINS env var (was wildcard)
- Fix admin panel XSS: use data-username attributes instead of
  interpolating usernames into onclick handlers
- Add rate limiting to /api/auth/register (3r/m) and /api/admin/*
  (10r/m); set limit_req_status 429
- Add Content-Security-Policy header restricting scripts to self
  and cdn.jsdelivr.net
- Add Subresource Integrity hash to Chart.js CDN script tag

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-03-19 23:18:33 -07:00
..
routers
Fix remaining code quality and infrastructure items
2026-03-18 00:18:58 -07:00
auth.py
Add multi-user auth, admin panel, and timezone support; rename to Yolkbook
2026-03-17 23:19:29 -07:00
database.py
Initial commit
2026-02-26 22:27:58 -08:00
Dockerfile
Initial commit
2026-02-26 22:27:58 -08:00
main.py
Harden security: CORS, XSS, rate limiting, CSP, SRI
2026-03-19 23:18:33 -07:00
models.py
Fix bugs, data integrity, and cache busting
2026-03-18 00:27:02 -07:00
requirements.txt
Add multi-user auth, admin panel, and timezone support; rename to Yolkbook
2026-03-17 23:19:29 -07:00
schemas.py
Implement security hardening across frontend, backend, and infrastructure
2026-03-17 23:55:08 -07:00