web_server

adamf/web_server

Fork 0

Commit Graph

Author	SHA1	Message	Date
Adam French	b56f8253d9	Harden backend against critical and high security vulnerabilities All checks were successful Deploy with Docker Compose / deploy (push) Successful in 3m51s Details - Fix WebSocket CheckOrigin to use proper url.Parse instead of string stripping - Add admin auth checks to Users/User GraphQL queries - Remove GraphQL GET transport to prevent CSRF via cross-site links - Add application-level IP-based login rate limiting (5 attempts/min) - Add path traversal bounds check on radio file upload - Require DEV_MODE for GraphQL introspection and playground - Move notes backend endpoint behind admin middleware - Add dedicated Nginx rate limit zone for GraphQL (10r/s) Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-04-14 13:27:33 +01:00

Author

SHA1

Message

Date

Adam French

b56f8253d9

Harden backend against critical and high security vulnerabilities

Deploy with Docker Compose / deploy (push) Successful in 3m51s

Details

- Fix WebSocket CheckOrigin to use proper url.Parse instead of string stripping
- Add admin auth checks to Users/User GraphQL queries
- Remove GraphQL GET transport to prevent CSRF via cross-site links
- Add application-level IP-based login rate limiting (5 attempts/min)
- Add path traversal bounds check on radio file upload
- Require DEV_MODE for GraphQL introspection and playground
- Move notes backend endpoint behind admin middleware
- Add dedicated Nginx rate limit zone for GraphQL (10r/s)

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

2026-04-14 13:27:33 +01:00

1 Commits