Derick Phan 9ddecf71db
Add security hardening: CSRF, SSRF, FTS5, and DELETE via POST
- CSRF: Generate random token at startup, include as hidden field in
  all 11 POST forms, validate at top of POST dispatch (returns 403)
- SSRF: Block private/internal IP ranges (127/8, 10/8, 172.16/12,
  192.168/16, 169.254/16, ::1, fc00::/7) by resolving hostname before
  fetch. Remove verify=False from requests.get().
- DELETE: Change /delete/<id> from GET (instant delete) to GET
  (confirmation page) + POST (actual delete) to prevent accidental
  deletion from prefetchers/crawlers.
- FTS5: Wrap search input in double quotes to neutralize FTS5
  operators (AND, OR, NOT, *, column:). Add try/except fallback.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-26 10:54:22 -07:00
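The SSRF check described in the commit message above, written out as an added example; this is not code from this repository (its handlers.py is not shown here) but a hypothetical guard built the same way: resolve the URL's host before fetching and refuse any answer inside the ranges the commit lists. It goes slightly beyond that list by also rejecting unspecified, multicast, IPv6 link-local and IPv4-mapped addresses. The `.invalid` hostnames, the lookup table and every function name are constructed for the demonstration.

```python
"""Added example: resolve a user-supplied URL's host and refuse internal addresses.
Hypothetical helper, not taken from this repository."""
import ipaddress
import socket
from urllib.parse import urlparse

# Ranges listed in the commit message.
BLOCKED_NETWORKS = [ipaddress.ip_network(n) for n in (
    "127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "169.254.0.0/16", "::1/128", "fc00::/7",
)]


def is_blocked_address(ip_str):
    """True if a fetch must never be made to this address."""
    ip = ipaddress.ip_address(ip_str.split("%", 1)[0])  # drop an IPv6 zone id
    # Unwrap IPv4-mapped IPv6 (::ffff:10.0.0.1) so the IPv4 ranges still apply.
    if isinstance(ip, ipaddress.IPv6Address) and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    if any(ip in net for net in BLOCKED_NETWORKS):
        return True
    # Beyond the commit's list: 0.0.0.0 and ::, multicast, fe80::/10.
    return ip.is_unspecified or ip.is_multicast or ip.is_link_local


def system_resolver(host):
    """Resolve with the OS resolver; returns every A/AAAA answer."""
    return sorted({info[4][0] for info in socket.getaddrinfo(host, None)})


def check_fetch_target(url, resolver=system_resolver):
    """Return (allowed, reason, addresses) for a user-supplied URL."""
    parsed = urlparse(url)
    if parsed.scheme not in ("http", "https"):
        return False, "scheme not allowed", []
    host = parsed.hostname
    if not host:
        return False, "missing host", []
    try:
        addrs = resolver(host)
    except OSError as exc:  # socket.gaierror is an OSError subclass
        return False, f"resolution failed: {exc}", []
    if not addrs:
        return False, "no addresses", []
    # Reject if ANY answer is internal; a mixed public/private answer is not trusted.
    for addr in addrs:
        if is_blocked_address(addr):
            return False, f"resolves to internal address {addr}", addrs
    return True, "ok", addrs


# Constructed lookup table so the demonstration runs offline (.invalid is a reserved TLD).
FAKE_DNS = {
    "public.invalid": ["203.0.113.10"],              # documentation (TEST-NET-3) address
    "intranet.invalid": ["10.0.0.5"],
    "mixed.invalid": ["203.0.113.10", "127.0.0.1"],  # one public and one loopback record
    "mapped.invalid": ["::ffff:192.168.1.1"],        # IPv4-mapped IPv6 form of a private address
}


def fake_resolver(host):
    """Constructed stand-in for system_resolver."""
    try:
        return [str(ipaddress.ip_address(host))]  # literal IP: no lookup needed
    except ValueError:
        pass
    if host not in FAKE_DNS:
        raise socket.gaierror(f"constructed resolver: unknown host {host}")
    return list(FAKE_DNS[host])


if __name__ == "__main__":
    for url in ("https://public.invalid/feed", "https://intranet.invalid/",
                "https://mixed.invalid/", "http://mapped.invalid/",
                "http://[::1]/", "http://169.254.1.1/", "ftp://public.invalid/"):
        allowed, reason, _ = check_fetch_target(url, fake_resolver)
        print(f"{'ALLOW' if allowed else 'BLOCK':5} {url}  ({reason})")
```

Two points worth keeping in mind when wiring a check like this in front of a fetch: the guard resolves once, while an HTTP client normally resolves again when it connects, so the request should be made to an address the guard has already vetted (or the check repeated against the peer actually connected to), since a name whose answer differs between the two lookups would otherwise pass; and rejecting the host when any returned record is internal, as above, is what handles answers that mix public and private addresses.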
themes Add themes folder with kodama template and gitignore index.db 2026-03-26 10:11:32 -07:00
.gitignore Add themes folder with kodama template and gitignore index.db 2026-03-26 10:11:32 -07:00
app.py Bind HTTP server to 0.0.0.0 for remote access 2026-03-25 23:38:15 -07:00
CLAUDE.md Add CLAUDE.md with project architecture and conventions 2026-03-26 08:17:38 -07:00
db.py Add security hardening: CSRF, SSRF, FTS5, and DELETE via POST 2026-03-26 10:54:22 -07:00
gateway.py Single-command startup and fix bookmarklet 2026-03-25 23:01:54 -07:00
handlers.py Add security hardening: CSRF, SSRF, FTS5, and DELETE via POST 2026-03-26 10:54:22 -07:00
README.md first commit 2026-03-24 20:35:10 -07:00
requirements.txt Migrate TinyWeb to Reticulum mesh network 2026-03-25 22:18:24 -07:00
rns_client.py Add Reticulum-native subscriptions and sync-based distributed search 2026-03-25 22:51:22 -07:00
templates.py Fix custom template rendering and ensure customize page uses default layout 2026-03-26 09:45:42 -07:00