6c6d6c2f6f
All checks were successful
check / check (push) Successful in 6s
- Add SecurityHeaders middleware applied globally: HSTS, X-Content-Type-Options, X-Frame-Options, CSP, Referrer-Policy, and Permissions-Policy headers on every response. - Add session regeneration (Regenerate method) after successful login to prevent session fixation attacks. Old session is destroyed and a new ID is issued. - Add MaxBodySize middleware using http.MaxBytesReader to limit POST/PUT/PATCH request bodies to 1 MB on all form endpoints (/pages, /sources, /source/*). - Update README.md: document SecurityHeaders and MaxBodySize in the middleware stack, update Security section, move security headers to completed TODO. Closes #34, closes #38, closes #39
3.7 KiB
3.7 KiB