chadebebe

root/chadebebe

Fork 0

Commit Graph

Author	SHA1	Message	Date
Michael T	30c661a364	fix(auth): resolve cookie authentication failure over HTTP Cookies were set with secure flag based solely on NODE_ENV, causing 401 errors when accessing over HTTP with NODE_ENV=production. - Add COOKIE_SECURE env var for explicit control - Auto-detect HTTPS via X-Forwarded-Proto header in production - Extract isSecureCookie() utility to lib/auth/utils.ts - Document COOKIE_SECURE in README and .env.example Fixes #39	2026-01-23 15:26:24 -05:00
Michael T	ae81206de7	fix(security): sanitize HTML content to prevent XSS attacks Add DOMPurify to sanitize user-generated HTML in the preferences section before rendering with dangerouslySetInnerHTML.	2026-01-12 11:21:27 -05:00
michaeltieso	3480888eaa	Initial commit	2025-12-01 14:49:17 +00:00

Author

SHA1

Message

Date

Michael T

30c661a364

fix(auth): resolve cookie authentication failure over HTTP

Cookies were set with secure flag based solely on NODE_ENV, causing
401 errors when accessing over HTTP with NODE_ENV=production.

- Add COOKIE_SECURE env var for explicit control
- Auto-detect HTTPS via X-Forwarded-Proto header in production
- Extract isSecureCookie() utility to lib/auth/utils.ts
- Document COOKIE_SECURE in README and .env.example

Fixes #39

2026-01-23 15:26:24 -05:00

Michael T

ae81206de7

fix(security): sanitize HTML content to prevent XSS attacks

Add DOMPurify to sanitize user-generated HTML in the preferences
section before rendering with dangerouslySetInnerHTML.

2026-01-12 11:21:27 -05:00

michaeltieso

3480888eaa

Initial commit

2025-12-01 14:49:17 +00:00

3 Commits