Stefan Hacker
eccce7e539
- F-15 CSRF-Logout: /logout nur noch via POST mit CSRF-Token; Sidebar-Link ist jetzt ein POST-Formular. Schuetzt vor Cross-Site-Logout (SameSite=Lax greift bei Top-Level-GET nicht). - F-16 SRI: Subresource-Integrity-Hashes (sha384) + crossorigin fuer alle CDN-Ressourcen (Bootstrap CSS/JS, Bootstrap-Icons). - F-17: Permissions-Policy-Header (deaktiviert ungenutzte Browser-Features). Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
24 lines
980 B
HTML
24 lines
980 B
HTML
<!DOCTYPE html>
|
|
<html lang="de">
|
|
<head>
|
|
<meta charset="UTF-8">
|
|
<meta name="viewport" content="width=device-width, initial-scale=1.0">
|
|
<title>{{ code }} — DynDNS Manager</title>
|
|
<link rel="icon" href="{{ url_for('static', filename='favicon.svg') }}" type="image/svg+xml">
|
|
<link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/bootstrap@5.3.2/dist/css/bootstrap.min.css"
|
|
integrity="sha384-T3c6CoIi6uLrA9TneNEoa7RxnatzjcDSCmG1MXxSR1GAsXEV/Dwwykc2MPK8M2HN" crossorigin="anonymous">
|
|
<link rel="stylesheet" href="{{ url_for('static', filename='css/login.css') }}">
|
|
</head>
|
|
<body class="justify-content-center">
|
|
<div class="login-card text-center">
|
|
<div class="card shadow">
|
|
<div class="card-body p-5">
|
|
<div class="display-4 fw-bold text-primary mb-2">{{ code }}</div>
|
|
<p class="text-muted mb-4">{{ message }}</p>
|
|
<a href="{{ url_for('dashboard') }}" class="btn btn-primary">Zur Startseite</a>
|
|
</div>
|
|
</div>
|
|
</div>
|
|
</body>
|
|
</html>
|