Zimeng Xiong
7c238701b7
Added instructions for the required CSRF_SECRET environment variable for CSRF protection in Kubernetes deployments.
44 lines
1.5 KiB
Markdown
44 lines
1.5 KiB
Markdown
CSRF Protection (8a78b2b)
|
|
|
|
- Implemented comprehensive CSRF (Cross-Site Request Forgery) protection for enhanced security
|
|
- Added new backend/src/security.ts module for security utilities
|
|
- Frontend API layer now handles CSRF tokens automatically
|
|
- Added integration tests for CSRF validation
|
|
|
|
Upload Progress Indicator (8f9b9b4)
|
|
|
|
- Added a visual upload progress bar when users upload files
|
|
- New UploadContext for managing upload state across components
|
|
- New UploadStatus component displaying real-time upload progress
|
|
- Save status indicator when navigating back from the editor
|
|
- Improved error handling and recovery for failed uploads
|
|
|
|
Bug Fixes
|
|
|
|
- Fixed broken e2e tests (cae8f3c)
|
|
- Replaced deprecated substr() with substring()
|
|
- Fixed stale state issues in error handling
|
|
- Fixed missing useEffect dependencies
|
|
- Fixed CSS class conflicts in progress bar styling
|
|
- Added error recovery for save state in Editor
|
|
|
|
Infrastructure
|
|
|
|
- Updated docker-compose configurations with new environment variables
|
|
- E2E test suite improvements and reliability fixes
|
|
- Added Kubernetes deployment note in README
|
|
|
|
### Kubernetes
|
|
|
|
A `CSRF_SECRET` environment variable is now required for CSRF protection. Generate a secure 32+ character random string:
|
|
|
|
```bash
|
|
openssl rand -base64 32
|
|
|
|
Add it to your deployment:
|
|
- Docker Compose: Add CSRF_SECRET=<your-secret> to the backend service environment
|
|
- Kubernetes: Add to your ConfigMap/Secret and reference in the backend deployment
|
|
|
|
If not set, the backend will refuse to start.
|
|
```
|