adamf/web_server
1
1
Fork 0
Code Issues 5 Pull Requests Actions Packages Projects Releases Wiki Activity

Fix security vulnerabilities across backend, frontend, and infra
All checks were successful
Deploy with Docker Compose / deploy (push) Successful in 4m44s
Details

Browse Source 
- Fix auth bypass in UpdatePost/DeletePost (missing return after auth check)
- Remove Spotify access token from callback response
- Replace internal error messages with generic responses in all handlers
- Harden GraphQL: complexity limit, disable playground/introspection in prod
- Add security headers (X-Frame-Options, HSTS, etc.) to nginx
- Disable Hasura console/dev mode in production
- Add DOMPurify sanitization to Markdown component
- Fix cookie removal to use correct domain/path from auth config
- Fix nil dereference in rowing handler when Claude API errors
- Fix wildcard CORS on stamp endpoint
- Pin nginx and certbot Docker image versions

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
This commit is contained in:
Adam French
2026-03-29 23:59:10 +01:00
parent 091bfcaef6
commit 75cede3b1b
14 changed files with 141 additions and 76 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
vue/src/components/util/Markdown.vue
View File

@@ -1,18 +1,22 @@
<script setup>
import MarkdownIt from "markdown-it";
import { katex } from "@mdit/plugin-katex";
import DOMPurify from "dompurify";
const mdIt = MarkdownIt().use(katex);
//.use(wiki);
const props = defineProps({
source: String,
});
function renderMarkdown(source) {
return DOMPurify.sanitize(mdIt.render(source));
}
</script>
<template>
<div
v-html="mdIt.render(props.source)"
v-html="renderMarkdown(props.source)"
class="flex flex-col items-center"
></div>
</template>