duffyduck/dyndns-server
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
main
dyndns-server/app/static/css
T
History
Stefan Hacker eccce7e539 F-15/F-16/F-17 Security-Header & Logout 
- F-15 CSRF-Logout: /logout nur noch via POST mit CSRF-Token; Sidebar-Link
  ist jetzt ein POST-Formular. Schuetzt vor Cross-Site-Logout (SameSite=Lax
  greift bei Top-Level-GET nicht).
- F-16 SRI: Subresource-Integrity-Hashes (sha384) + crossorigin fuer alle
  CDN-Ressourcen (Bootstrap CSS/JS, Bootstrap-Icons).
- F-17: Permissions-Policy-Header (deaktiviert ungenutzte Browser-Features).

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-06-06 16:25:32 +02:00
..
app.css
F-15/F-16/F-17 Security-Header & Logout
2026-06-06 16:25:32 +02:00
login.css
Security-Hardening (Pentest-Findings F-02 bis F-07)
2026-06-06 14:45:27 +02:00