akanealw/caddy-proxy-manager
1
0
Fork 0
Code Issues Pull Requests Actions 3 Packages Projects Releases Wiki Activity
2,248 Commits 2 Branches 4 Tags
c27f4e40a39773508e01d313e82a3f54544a491b
Commit Graph

3 Commits

Author SHA1 Message Date
akanealw
99819b70ff added caddy-proxy-manager for testing
Some checks failed
Build and Push Docker Images (Trusted) / build-and-push (., docker/caddy/Dockerfile, caddy) (push) Has been cancelled
Details
Build and Push Docker Images (Trusted) / build-and-push (., docker/l4-port-manager/Dockerfile, l4-port-manager) (push) Has been cancelled
Details
Build and Push Docker Images (Trusted) / build-and-push (., docker/web/Dockerfile, web) (push) Has been cancelled
Details
Tests / test (push) Has been cancelled
Details
2026-04-21 22:49:08 +00:00
fuomag9
bdd3019214 security: add same-origin CSRF check to state-changing user API routes 
Adds checkSameOrigin() helper in auth.ts that validates the Origin header
against the Host header. If Origin is present and mismatched, returns 403.
Applied to all 5 custom POST routes flagged in CPM-003 (NEXT-CSRF-001):
  - change-password, link-oauth-start, unlink-oauth, update-avatar, logout

SameSite=Lax (NextAuth default) already blocks standard cross-site CSRF;
this adds defense-in-depth against subdomain and misconfiguration scenarios.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-03-05 01:04:18 +01:00
fuomag9
be21f46ad5 Added user tab and oauth2, streamlined readme 2025-12-28 15:14:56 +01:00