faral/pokerface
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
No description
7 commits 1 branch 0 tags 298 KiB
Find a file
Jan Willem Mannaerts 03ba19042d
All checks were successful
Build & Push Container Image / build (push) Successful in 11s
Details
Harden security across frontend and backend 
1. AdfRenderer: validate href starts with https?:// before rendering links
2. Logout route: add requireAuth middleware
3. Jira API params: validate sprintId, boardId, issueIdOrKey are alphanumeric
4. CSP header: add Content-Security-Policy with restrictive defaults
5. OAuth callback: align frontendUrl fallback with index.js
6. Rate limiting: express-rate-limit on API routes + Socket.IO event throttling
7. Session KV keys: prefix with cloudId for tenant isolation defense-in-depth
8. saveScopedEstimate: use withSessionCas for atomic read-update-delete

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-28 16:05:48 +01:00
.forgejo/workflows Add Forgejo CI/CD workflow for Docker build & push 2026-02-27 21:21:48 +01:00
backend Harden security across frontend and backend 2026-02-28 16:05:48 +01:00
frontend Harden security across frontend and backend 2026-02-28 16:05:48 +01:00
.gitignore Initial commit: Pokerface sprint planning poker for Jira 2026-02-26 21:38:37 +01:00
Dockerfile Initial commit: Pokerface sprint planning poker for Jira 2026-02-26 21:38:37 +01:00
package-lock.json Initial commit: Pokerface sprint planning poker for Jira 2026-02-26 21:38:37 +01:00
package.json Initial commit: Pokerface sprint planning poker for Jira 2026-02-26 21:38:37 +01:00