github-mirror/project-nomad
1
0
Fork 0
mirror of https://github.com/Crosstalk-Solutions/project-nomad.git synced 2026-03-31 05:59:26 +02:00
Code Issues Actions Packages Projects Releases Wiki Activity
396 Commits 16 Branches 55 Tags 17 MiB
2d285bfbc7
Commit Graph

7 Commits

Author SHA1 Message Date
Claude
3ddbe731a5
security: fix CORS, CSRF, CSP, HSTS, sessions, and path traversal 
- CORS: restrict origin from wildcard '*' to app URL from env (prevents
  cross-origin requests from arbitrary sites)
- Sessions: enable @adonisjs/session with cookie store and httpOnly/secure
  cookie flags; uncomment session middleware in kernel.ts
- CSRF: enable shield CSRF protection (requires sessions); uses XSRF-TOKEN
  cookie mechanism compatible with Inertia.js/Axios; exempts /api/health
  and SSE transmit endpoints
- CSP: enable Content Security Policy with restrictive directives
  (no object-src, no frame-src, self-only script/style/connect/font)
- HSTS: enable HTTP Strict Transport Security in production only
- Path traversal: tighten filenameParamValidator to block /, \, ..,
  and shell special characters; reduce max length from 4096 to 255
- env: add URL to .env.example; uncomment SESSION_DRIVER validation in env.ts

https://claude.ai/code/session_01WfRC4tDeYprykhMrg4PxX6
 2026-03-22 21:11:18 +00:00
Jake Turner
d55ff7b466
feat: curated content update checking 2026-02-11 21:49:46 -08:00
copilot-swe-agent[bot]
f905871392 Add NOMAD_STORAGE_PATH schema definition to start/env.ts 
Co-authored-by: jakeaturner <52841588+jakeaturner@users.noreply.github.com>
 2026-01-19 10:29:24 -08:00
Jake Turner
a2206b8c13 feat(System): check internet status on backend and allow custom test url 2025-12-24 12:00:32 -08:00
Jake Turner
7569aa935d
feat: background job overhaul with bullmq 2025-12-06 23:59:01 -08:00
Jake Turner
12a6f2230d
feat: [wip] new maps system 2025-11-30 22:29:16 -08:00
Jake Turner
b33a1b3e37 feat: initial commit 2025-06-29 15:51:08 -07:00