Harden security across frontend and backend
All checks were successful
Build & Push Container Image / build (push) Successful in 11s

1. AdfRenderer: validate href starts with https?:// before rendering links
2. Logout route: add requireAuth middleware
3. Jira API params: validate sprintId, boardId, issueIdOrKey are alphanumeric
4. CSP header: add Content-Security-Policy with restrictive defaults
5. OAuth callback: align frontendUrl fallback with index.js
6. Rate limiting: express-rate-limit on API routes + Socket.IO event throttling
7. Session KV keys: prefix with cloudId for tenant isolation defense-in-depth
8. saveScopedEstimate: use withSessionCas for atomic read-update-delete

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
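Items 1 and 3 of the commit message are input checks. As an added example (not code from this commit or from the project), here is how both can be written so the edge cases a reviewer would probe are covered. The names safeHref, isJiraId and jiraIssuePath, the 64-character cap and the REST path are assumptions. Jira issue keys take the form PROJ-123, so the identifier check admits a single hyphen followed by digits rather than requiring a purely alphanumeric value.

```javascript
// Added example, not the project's code. Names (safeHref, isJiraId,
// jiraIssuePath) and the 64-character cap are assumptions for illustration.

// Protocols a rendered link may use. Anything else (javascript:, data:,
// vbscript:, file:, blob:) is refused.
const SAFE_LINK_PROTOCOLS = new Set(['http:', 'https:']);

// Returns a normalised absolute http(s) URL, or null if the href must not be
// rendered as a link. Using the WHATWG URL parser instead of a bare
// /^https?:\/\// test means scheme case ("HTTPS://"), surrounding whitespace
// (which the parser strips) and relative or protocol-relative forms
// ("//evil.test", which throws for lack of a base) are decided by the
// parser's rules rather than by a hand-written prefix check.
function safeHref(href) {
  if (typeof href !== 'string') return null;
  let url;
  try {
    url = new URL(href);
  } catch {
    return null;
  }
  if (!SAFE_LINK_PROTOCOLS.has(url.protocol)) return null;
  return url.href;
}

// Identifier check for values interpolated into Jira REST paths (sprintId,
// boardId, issueIdOrKey). Numeric ids ("42") and issue keys ("PROJ-123")
// pass; path separators, whitespace, query characters and over-long values do
// not. The regex is anchored with ^ and $ and has no "m" flag, so a trailing
// newline cannot slip past it.
const JIRA_ID = /^[A-Za-z0-9]+(?:-[0-9]+)?$/;
function isJiraId(value) {
  return typeof value === 'string' && value.length <= 64 && JIRA_ID.test(value);
}

// Builds the Jira REST path only from a validated part, throwing otherwise,
// so a caller cannot forget the check. The path is the Jira Cloud v3 issue
// endpoint; treat it as an assumption about the project's API usage.
function jiraIssuePath(issueIdOrKey) {
  if (!isJiraId(issueIdOrKey)) {
    throw new RangeError('invalid Jira issue id or key');
  }
  return `/rest/api/3/issue/${encodeURIComponent(issueIdOrKey)}`;
}

// Constructed sample inputs, printed when the file is run with node.
for (const h of ['https://example.com/a', 'HTTPS://Example.com', 'javascript:alert(1)', '//evil.test/x']) {
  console.log(JSON.stringify(h), '->', safeHref(h));
}
for (const id of ['42', 'PROJ-123', '../secrets', 'PROJ-123\n']) {
  console.log(JSON.stringify(id), '->', isJiraId(id));
}
```

If the project keeps a regex for the href check, anchoring it with `^` and applying it only after `new URL()` has parsed and lower-cased the scheme gives the same behaviour as safeHref above; the point of the parser is that it, not a prefix test, decides what counts as an absolute http(s) URL.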
Jan Willem Mannaerts 2026-02-28 16:05:48 +01:00
parent 3ab584e2ab
commit 03ba19042d
8 changed files with 127 additions and 47 deletions


@ -14,6 +14,7 @@
"cors": "^2.8.5",
"dotenv": "^16.4.5",
"express": "^4.21.1",
"express-rate-limit": "^8.2.1",
"jsonwebtoken": "^9.0.3",
"nats": "^2.28.2",
"socket.io": "^4.8.1"
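Review bot: the new "express-rate-limit": "^8.2.1" line adds the dependency with a caret range, but no lock-file hunk is visible in this diff; confirm package-lock.json (or the lock file the project uses) was updated in the same commit so the container build run by CI resolves a pinned 8.2.1 rather than whatever 8.x is current at build time. Two deployment caveats for the limiter itself, since the image is built for a container behind a proxy: express-rate-limit keys clients by req.ip, so index.js needs app.set('trust proxy', <hop count>) before the limiter is mounted or every client is counted against the proxy's address (version 7 and later log an ERR_ERL_UNEXPECTED_X_FORWARDED_FOR validation warning when X-Forwarded-For arrives with trust proxy off); and the default in-memory store is per process, so the quota resets on each container restart and is not shared across replicas unless an external store is configured.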