lichenblankie 449174b0ca fixed SSRF bypass, tightened error handling
- SSRF: disable automatic redirects, manually follow up to 5 hops with
  IP re-validation at each step to prevent redirect-to-localhost bypass
- Identity file: enforce 0600 permissions on tinyweb_identity at load
  and creation to prevent other users from reading the private key
- Error messages: replace raw exception strings with generic messages
  to avoid leaking internal paths/hostnames to the UI
- DB connections: wrap all get_db() usage in try/finally to guarantee
  close() even when handlers throw mid-operation
2026-06-05 05:29:35 +00:00
themes created themes folder with kodama template 2026-06-05 05:29:35 +00:00
.gitignore created themes folder with kodama template 2026-06-05 05:29:35 +00:00
app.py fixed SSRF bypass, tightened error handling 2026-06-05 05:29:35 +00:00
db.py fixed SSRF bypass, tightened error handling 2026-06-05 05:29:35 +00:00
gateway.py added bookmark auth, CSP, per-session CSRF 2026-06-05 05:29:35 +00:00
handlers.py fixed SSRF bypass, tightened error handling 2026-06-05 05:29:35 +00:00
README.md first commit 2026-06-05 05:22:37 +00:00
requirements.txt ported everything to Reticulum mesh 2026-06-05 05:29:35 +00:00
rns_client.py wired up mesh subscriptions + search 2026-06-05 05:29:35 +00:00
templates.py added custom template editor, cleaned up UI 2026-06-05 05:29:35 +00:00