duffyduck/dyndns-server
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
main
dyndns-server/app/templates/base.html
T
Stefan Hacker eccce7e539 F-15/F-16/F-17 Security-Header & Logout 
- F-15 CSRF-Logout: /logout nur noch via POST mit CSRF-Token; Sidebar-Link
  ist jetzt ein POST-Formular. Schuetzt vor Cross-Site-Logout (SameSite=Lax
  greift bei Top-Level-GET nicht).
- F-16 SRI: Subresource-Integrity-Hashes (sha384) + crossorigin fuer alle
  CDN-Ressourcen (Bootstrap CSS/JS, Bootstrap-Icons).
- F-17: Permissions-Policy-Header (deaktiviert ungenutzte Browser-Features).

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-06-06 16:25:32 +02:00

65 lines
2.7 KiB
HTML
Raw Permalink Blame History

<!DOCTYPE html>
<html lang="de">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>{% block title %}DynDNS Manager{% endblock %}</title>
<link rel="icon" href="{{ url_for('static', filename='favicon.svg') }}" type="image/svg+xml">
<link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/bootstrap@5.3.2/dist/css/bootstrap.min.css"
integrity="sha384-T3c6CoIi6uLrA9TneNEoa7RxnatzjcDSCmG1MXxSR1GAsXEV/Dwwykc2MPK8M2HN" crossorigin="anonymous">
<link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/bootstrap-icons@1.11.3/font/bootstrap-icons.min.css"
integrity="sha384-XGjxtQfXaH2tnPFa9x+ruJTuLE3Aa6LhHSWRr1XeTyhezb4abCG4ccI5AkVDxqC+" crossorigin="anonymous">
<link rel="stylesheet" href="{{ url_for('static', filename='css/app.css') }}">
</head>
<body class="d-flex">
<nav id="sidebar" class="d-flex flex-column p-3">
<a href="{{ url_for('dashboard') }}" class="brand text-decoration-none mb-4 d-flex align-items-center gap-2">
<i class="bi bi-globe2 fs-5"></i> DynDNS
</a>
<div class="nav flex-column">
<a href="{{ url_for('dashboard') }}"
class="nav-link {% if request.endpoint == 'dashboard' %}active{% endif %}">
<i class="bi bi-speedometer2"></i> Dashboard
</a>
<a href="{{ url_for('users') }}"
class="nav-link {% if request.endpoint in ['users'] %}active{% endif %}">
<i class="bi bi-people-fill"></i> Benutzer
</a>
<a href="{{ url_for('settings') }}"
class="nav-link {% if request.endpoint == 'settings' %}active{% endif %}">
<i class="bi bi-gear-fill"></i> Einstellungen
</a>
</div>
<div class="mt-auto">
<hr>
<small class="text-secondary d-block mb-2 px-2">{{ session.admin_username }}</small>
<form method="post" action="{{ url_for('logout') }}">
<input type="hidden" name="csrf_token" value="{{ csrf_token() }}">
<button type="submit" class="nav-link text-danger">
<i class="bi bi-box-arrow-left"></i> Abmelden
</button>
</form>
</div>
</nav>
<div class="main-content">
{% with msgs = get_flashed_messages(with_categories=true) %}
{% for cat, msg in msgs %}
<div class="alert alert-{{ cat }} alert-dismissible fade show" role="alert">
{{ msg }}
<button type="button" class="btn-close" data-bs-dismiss="alert"></button>
</div>
{% endfor %}
{% endwith %}
{% block content %}{% endblock %}
</div>
<script src="https://cdn.jsdelivr.net/npm/bootstrap@5.3.2/dist/js/bootstrap.bundle.min.js"
integrity="sha384-C6RzsynM9kWDrMNeT87bh95OGNyZPhcTNXj1NW7RuBCsyN/o0jlpcV8Qyq46cDfL" crossorigin="anonymous"></script>
<script src="{{ url_for('static', filename='js/app.js') }}"></script>
{% block scripts %}{% endblock %}
</body>
</html>
Reference in New Issue View Git Blame Copy Permalink