Fix security vulnerabilities across backend, frontend, and infra
All checks were successful
Deploy with Docker Compose / deploy (push) Successful in 4m44s
All checks were successful
Deploy with Docker Compose / deploy (push) Successful in 4m44s
- Fix auth bypass in UpdatePost/DeletePost (missing return after auth check) - Remove Spotify access token from callback response - Replace internal error messages with generic responses in all handlers - Harden GraphQL: complexity limit, disable playground/introspection in prod - Add security headers (X-Frame-Options, HSTS, etc.) to nginx - Disable Hasura console/dev mode in production - Add DOMPurify sanitization to Markdown component - Fix cookie removal to use correct domain/path from auth config - Fix nil dereference in rowing handler when Claude API errors - Fix wildcard CORS on stamp endpoint - Pin nginx and certbot Docker image versions Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
This commit is contained in:
@@ -9,6 +9,8 @@ services:
|
||||
backend:
|
||||
environment:
|
||||
- SPOTIFY_REDIRECT_URI=https://localhost/api/spotify/callback
|
||||
- GQL_PLAYGROUND=true
|
||||
- GQL_INTROSPECTION=true
|
||||
nginx:
|
||||
environment:
|
||||
- DEV_MODE=true
|
||||
@@ -16,6 +18,10 @@ services:
|
||||
ports:
|
||||
- 80:80
|
||||
- 443:443
|
||||
hasura:
|
||||
environment:
|
||||
HASURA_GRAPHQL_ENABLE_CONSOLE: "true"
|
||||
HASURA_GRAPHQL_DEV_MODE: "true"
|
||||
certbot:
|
||||
profiles:
|
||||
- disabled
|
||||
|
||||
Reference in New Issue
Block a user