sneak/upaas
1
0
Fork 0
Code Issues 21 Pull Requests 2 Actions Packages Projects Releases Wiki Activity
b1dc8fcc4e
upaas/templates
History
clawbot b1dc8fcc4e Add CSRF protection to state-changing POST endpoints 
Add gorilla/csrf middleware to protect all HTML-serving routes against
cross-site request forgery attacks. The webhook endpoint is excluded
since it uses secret-based authentication.

Changes:
- Add gorilla/csrf v1.7.3 dependency
- Add CSRF() middleware method using session secret as key
- Apply CSRF middleware to all HTML route groups in routes.go
- Pass CSRF token to all templates via addGlobals helper
- Add {{ .CSRFField }} / {{ $.CSRFField }} hidden inputs to all forms

Closes #11
2026-02-15 14:17:55 -08:00
..
app_detail.html Add CSRF protection to state-changing POST endpoints 2026-02-15 14:17:55 -08:00
app_edit.html Add CSRF protection to state-changing POST endpoints 2026-02-15 14:17:55 -08:00
app_new.html Add CSRF protection to state-changing POST endpoints 2026-02-15 14:17:55 -08:00
base.html Add CSRF protection to state-changing POST endpoints 2026-02-15 14:17:55 -08:00
dashboard.html Add CSRF protection to state-changing POST endpoints 2026-02-15 14:17:55 -08:00
deployments.html Add CSRF protection to state-changing POST endpoints 2026-02-15 14:17:55 -08:00
login.html Add CSRF protection to state-changing POST endpoints 2026-02-15 14:17:55 -08:00
setup.html Add CSRF protection to state-changing POST endpoints 2026-02-15 14:17:55 -08:00
templates.go Initial commit with server startup infrastructure 2025-12-29 15:46:03 +07:00