Charon

akanealw/Charon

Fork 0

Commit Graph

Author	SHA1	Message	Date
GitHub Actions	62f649ef5b	feat: add API-Friendly security header preset for mobile apps - Add new API-Friendly preset (70/100) optimized for mobile apps and API clients - CORP set to "cross-origin" to allow mobile app access - CSP disabled as APIs don't need content security policy - Add tooltips to preset cards explaining use cases and compatibility - Add warning banner in ProxyHostForm when Strict/Paranoid selected - Warn users about mobile app compatibility issues Presets now: Basic (65) < API-Friendly (70) < Strict (85) < Paranoid (100) Recommended for: Radarr, Sonarr, Plex, Jellyfin, Home Assistant, Vaultwarden	2025-12-19 18:55:48 +00:00
GitHub Actions	8cf762164f	feat: implement HTTP Security Headers management (Issue #20 ) Add comprehensive security header management system with reusable profiles, interactive builders, and security scoring. Features: - SecurityHeaderProfile model with 11+ header types - CRUD API with 10 endpoints (/api/v1/security/headers/*) - Caddy integration for automatic header injection - 3 built-in presets (Basic, Strict, Paranoid) - Security score calculator (0-100) with suggestions - Interactive CSP builder with validation - Permissions-Policy builder - Real-time security score preview - Per-host profile assignment Headers Supported: - HSTS with preload support - Content-Security-Policy with report-only mode - X-Frame-Options, X-Content-Type-Options - Referrer-Policy, Permissions-Policy - Cross-Origin-Opener/Resource/Embedder-Policy - X-XSS-Protection, Cache-Control security Implementation: - Backend: models, handlers, services (85% coverage) - Frontend: React components, hooks (87.46% coverage) - Tests: 1,163 total tests passing - Docs: Comprehensive feature documentation Closes #20	2025-12-19 18:55:48 +00:00

Author

SHA1

Message

Date

GitHub Actions

62f649ef5b

feat: add API-Friendly security header preset for mobile apps

- Add new API-Friendly preset (70/100) optimized for mobile apps and API clients
- CORP set to "cross-origin" to allow mobile app access
- CSP disabled as APIs don't need content security policy
- Add tooltips to preset cards explaining use cases and compatibility
- Add warning banner in ProxyHostForm when Strict/Paranoid selected
- Warn users about mobile app compatibility issues

Presets now: Basic (65) < API-Friendly (70) < Strict (85) < Paranoid (100)

Recommended for: Radarr, Sonarr, Plex, Jellyfin, Home Assistant, Vaultwarden

2025-12-19 18:55:48 +00:00

GitHub Actions

8cf762164f

feat: implement HTTP Security Headers management (Issue #20 )

Add comprehensive security header management system with reusable
profiles, interactive builders, and security scoring.

Features:
- SecurityHeaderProfile model with 11+ header types
- CRUD API with 10 endpoints (/api/v1/security/headers/*)
- Caddy integration for automatic header injection
- 3 built-in presets (Basic, Strict, Paranoid)
- Security score calculator (0-100) with suggestions
- Interactive CSP builder with validation
- Permissions-Policy builder
- Real-time security score preview
- Per-host profile assignment

Headers Supported:
- HSTS with preload support
- Content-Security-Policy with report-only mode
- X-Frame-Options, X-Content-Type-Options
- Referrer-Policy, Permissions-Policy
- Cross-Origin-Opener/Resource/Embedder-Policy
- X-XSS-Protection, Cache-Control security

Implementation:
- Backend: models, handlers, services (85% coverage)
- Frontend: React components, hooks (87.46% coverage)
- Tests: 1,163 total tests passing
- Docs: Comprehensive feature documentation

Closes #20

2025-12-19 18:55:48 +00:00

2 Commits