Harden security: bookmark auth, CSP headers, per-session CSRF, and more
- Bookmark endpoint now requires a secret token (stored in settings) - Style reset moved from GET to POST with CSRF protection - Open redirect prevention in _redirect() helper - Import capped at 100 URLs to prevent abuse - page_tags cleaned up on delete + PRAGMA foreign_keys enabled - CSP, X-Frame-Options, X-Content-Type-Options on all responses - CSRF tokens now per-session via double-submit cookie pattern - Tag names URL-decoded for special characters - Gateway forwards cookies in request data Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
This commit is contained in:
Derick Phan
parent
9ddecf71db
commit
d5f2d01651
3 changed files with 83 additions and 11 deletions
1
db.py
1
db.py
|
|
@ -56,6 +56,7 @@ def clean_url(url):
|
|||
|
||||
def get_db():
|
||||
db = sqlite3.connect(DATABASE)
|
||||
db.execute("PRAGMA foreign_keys = ON")
|
||||
db.row_factory = sqlite3.Row
|
||||
return db
|
||||
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue