webhooker/internal/middleware
clawbot 0489d9916f
Some checks failed
check / check (push) Has been cancelled
security: add headers middleware, session regeneration, and body size limits
- Add SecurityHeaders middleware applied globally: HSTS, X-Content-Type-Options,
  X-Frame-Options, CSP, Referrer-Policy, and Permissions-Policy headers on every
  response.
- Add session regeneration (Regenerate method) after successful login to prevent
  session fixation attacks. Old session is destroyed and a new ID is issued.
- Add MaxBodySize middleware using http.MaxBytesReader to limit POST/PUT/PATCH
  request bodies to 1 MB on all form endpoints (/pages, /sources, /source/*).

Closes #34, closes #38, closes #39
2026-03-05 02:53:45 -08:00