diana.dolgolyova/blackheart-website
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
6cbdba2197a24807906890834795d27016fd40d0
blackheart-website/src/app/api
History
diana.dolgolyova 6cbdba2197 feat: add CSRF protection for admin API routes 
Double-submit cookie pattern: login sets bh-csrf-token cookie,
proxy.ts validates X-CSRF-Token header on POST/PUT/DELETE to /api/admin/*.
New adminFetch() helper in src/lib/csrf.ts auto-includes the header.
All admin pages migrated from fetch() to adminFetch().

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-17 17:53:02 +03:00
..
admin
fix: security hardening, UI fixes, and validation improvements
2026-03-17 17:37:29 +03:00
auth/login
feat: add CSRF protection for admin API routes
2026-03-17 17:53:02 +03:00
logout
feat: admin panel with SQLite, auth, and calendar-style schedule editor
2026-03-11 16:59:12 +03:00
master-class-register
fix: security hardening, UI fixes, and validation improvements
2026-03-17 17:37:29 +03:00