Peter Steinberger
|
08e3357480
|
refactor: share gateway security path canonicalization
|
2026-02-26 17:23:46 +01:00 |
|
Peter Steinberger
|
258d615c4d
|
fix: harden plugin route auth path canonicalization
|
2026-02-26 17:02:06 +01:00 |
|
Peter Steinberger
|
6632fd1ea9
|
refactor(security): extract protected-route path policy helpers
|
2026-02-26 13:01:22 +01:00 |
|
Peter Steinberger
|
0ed675b1df
|
fix(security): harden canonical auth matching for plugin channel routes
|
2026-02-26 12:55:33 +01:00 |
|
Peter Steinberger
|
da0ba1b73a
|
fix(security): harden channel auth path checks and exec approval routing
|
2026-02-26 12:46:05 +01:00 |
|
Peter Steinberger
|
8c701ba1ff
|
test(gateway): add hooks bind-host hardening coverage
|
2026-02-26 00:54:39 +00:00 |
|
Brian Mendonca
|
5a64f6d766
|
Gateway/Security: protect /api/channels plugin root
|
2026-02-24 23:44:32 +00:00 |
|
Peter Steinberger
|
9af3ec92a5
|
fix(gateway): add HSTS header hardening and docs
|
2026-02-23 19:47:29 +00:00 |
|
Peter Steinberger
|
93ca0ed54f
|
refactor(channels): dedupe transport and gateway test scaffolds
|
2026-02-16 14:59:31 +00:00 |
|
Coy Geek
|
647d929c9d
|
fix: Unauthenticated Nostr profile API allows remote config tampering (#13719)
* fix(an-07): apply security fix
Generated by staged fix workflow.
* fix(an-07): apply security fix
Generated by staged fix workflow.
* fix(an-07): satisfy lint in plugin auth regression test
Replace unsafe unknown-to-string coercion in the gateway plugin auth test helper with explicit string/null/JSON handling so pnpm check passes.
|
2026-02-12 07:55:22 -06:00 |
|