| Age | Commit message | Author | |
|---|---|---|---|
| 2026-01-27 | Fix CSP to allow conditions page embeds and fonts | Peter Stone | |
| Allow external resources in Content-Security-Policy: - frame-src: youtube.com, embed.windy.com (for webcams/weather) - style-src: fonts.googleapis.com (for Inter font) - font-src: fonts.gstatic.com (for font files) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> | |||
| 2026-01-26 | Phase 1: Critical security fixes | Peter Stone | |
| - Remove default password fallback - require DEFAULT_PASS in all environments - Fix XSS vulnerabilities in HTML generation (handlers.go:795,920) - Add security headers middleware (X-Frame-Options, CSP, HSTS, etc.) - Add rate limiting on login endpoint (5 req/15min per IP) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> | |||
