upaas/internal
user efa8f51310
Add API CSRF protection via X-Requested-With header (closes #112)
- Add APICSRFProtection middleware requiring X-Requested-With header on
  state-changing API requests (POST, PUT, DELETE, PATCH)
- Apply middleware to all /api/v1 routes
- Upgrade session cookie SameSite from Lax to Strict (defense-in-depth)
- Add X-Requested-With to CORS allowed headers
- Add tests for the new middleware

Browsers cannot send custom headers cross-origin without CORS preflight,
which effectively blocks CSRF attacks via cookie-based session auth.
2026-02-20 05:33:33 -08:00
config fix: resolve all lint issues on main branch 2026-02-20 02:39:18 -08:00
database fix: remove undeployed api_tokens migrations (006 + 007) 2026-02-16 00:34:02 -08:00
docker fix: resolve all lint issues on main branch 2026-02-20 02:39:18 -08:00
globals Initial commit with server startup infrastructure 2025-12-29 15:46:03 +07:00
handlers fix: resolve lint issues in handlers and middleware 2026-02-20 03:35:44 -08:00
healthcheck Initial commit with server startup infrastructure 2025-12-29 15:46:03 +07:00
logger Initial commit with server startup infrastructure 2025-12-29 15:46:03 +07:00
middleware Add API CSRF protection via X-Requested-With header (closes #112) 2026-02-20 05:33:33 -08:00
models Revert "Merge pull request 'feat: add Gitea Actions CI for make check (closes #96)' (#98) from feat/ci-make-check into main" 2026-02-19 20:36:22 -08:00
server Add API CSRF protection via X-Requested-With header (closes #112) 2026-02-20 05:33:33 -08:00
service Add API CSRF protection via X-Requested-With header (closes #112) 2026-02-20 05:33:33 -08:00
ssh fix: resolve all lint issues on main branch 2026-02-20 02:39:18 -08:00