sneak/upaas
1
0
Fork 0
Code Issues 21 Pull Requests 2 Actions Packages Projects Releases Wiki Activity
b1dc8fcc4e
upaas/internal
History
clawbot b1dc8fcc4e Add CSRF protection to state-changing POST endpoints 
Add gorilla/csrf middleware to protect all HTML-serving routes against
cross-site request forgery attacks. The webhook endpoint is excluded
since it uses secret-based authentication.

Changes:
- Add gorilla/csrf v1.7.3 dependency
- Add CSRF() middleware method using session secret as key
- Apply CSRF middleware to all HTML route groups in routes.go
- Pass CSRF token to all templates via addGlobals helper
- Add {{ .CSRFField }} / {{ $.CSRFField }} hidden inputs to all forms

Closes #11
2026-02-15 14:17:55 -08:00
..
config Add deployment improvements and UI enhancements 2025-12-30 15:05:26 +07:00
database Add commit URL to Slack notifications with link and backtick formatting 2025-12-31 16:29:22 -08:00
docker Add build log file storage and download functionality 2026-01-01 06:08:00 -08:00
globals Initial commit with server startup infrastructure 2025-12-29 15:46:03 +07:00
handlers Add CSRF protection to state-changing POST endpoints 2026-02-15 14:17:55 -08:00
healthcheck Initial commit with server startup infrastructure 2025-12-29 15:46:03 +07:00
logger Initial commit with server startup infrastructure 2025-12-29 15:46:03 +07:00
middleware Add CSRF protection to state-changing POST endpoints 2026-02-15 14:17:55 -08:00
models Add commit URL to Slack notifications with link and backtick formatting 2025-12-31 16:29:22 -08:00
server Add CSRF protection to state-changing POST endpoints 2026-02-15 14:17:55 -08:00
service Fix app status not updated when deployment fails or service restarts 2026-01-01 06:59:03 -08:00
ssh Initial commit with server startup infrastructure 2025-12-29 15:46:03 +07:00