maxim.dolgolyov/Learn_System
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
2fd7f6a463fb27fc1ed1af2ff6160f4740a015cf
Learn_System/frontend
T
History
Maxim Dolgolyov 6b2ec38d9a security: WS auth via first-message, not query string 
Tokens in URL leak through proxy access logs, browser history and
Referer headers. Now: WS opens unauthenticated, client sends
{type:'auth', token} as first message; server responds with
{type:'auth_ok'} and starts normal message processing.
5-second timeout closes any unauthenticated connection.
Frontend queues session join until auth_ok received.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-05-06 16:58:25 +03:00
..
css
a11y: WCAG AA contrast + ARIA roles + focus management across all pages
2026-04-16 11:42:38 +03:00
img/questions
LearnSpace: full-stack educational whiteboard platform
2026-04-12 10:10:37 +03:00
js
security+perf: полное ревью — 17 фиксов P0/P1 (XSS, IDOR, race conditions, rate limits, TURN, WAL)
2026-04-23 12:16:08 +03:00
403.html
LearnSpace: full-stack educational whiteboard platform
2026-04-12 10:10:37 +03:00
404.html
LearnSpace: full-stack educational whiteboard platform
2026-04-12 10:10:37 +03:00
500.html
LearnSpace: full-stack educational whiteboard platform
2026-04-12 10:10:37 +03:00
admin.html
security+perf: полное ревью — 17 фиксов P0/P1 (XSS, IDOR, race conditions, rate limits, TURN, WAL)
2026-04-23 12:16:08 +03:00
analytics.html
a11y: WCAG AA contrast + ARIA roles + focus management across all pages
2026-04-16 11:42:38 +03:00
biochem-library.html
feat: universal sidebar via sidebar.js + stale ID cleanup
2026-04-13 21:22:21 +03:00
biochem-pathways.html
feat: universal sidebar via sidebar.js + stale ID cleanup
2026-04-13 21:22:21 +03:00
biochem-properties.html
feat: universal sidebar via sidebar.js + stale ID cleanup
2026-04-13 21:22:21 +03:00
biochem-reactions.html
feat: universal sidebar via sidebar.js + stale ID cleanup
2026-04-13 21:22:21 +03:00
biochem.html
feat: universal sidebar via sidebar.js + stale ID cleanup
2026-04-13 21:22:21 +03:00
board.html
a11y: WCAG AA contrast + ARIA roles + focus management across all pages
2026-04-16 11:42:38 +03:00
classes.html
a11y: WCAG AA contrast + ARIA roles + focus management across all pages
2026-04-16 11:42:38 +03:00
classroom.html
security: WS auth via first-message, not query string
2026-05-06 16:58:25 +03:00
collection-rb.html
feat: universal sidebar via sidebar.js + stale ID cleanup
2026-04-13 21:22:21 +03:00
collection.html
feat: universal sidebar via sidebar.js + stale ID cleanup
2026-04-13 21:22:21 +03:00
course.html
a11y: WCAG AA contrast + ARIA roles + focus management across all pages
2026-04-16 11:42:38 +03:00
crossword.html
feat: universal sidebar via sidebar.js + stale ID cleanup
2026-04-13 21:22:21 +03:00
dashboard.html
a11y: WCAG AA contrast + ARIA roles + focus management across all pages
2026-04-16 11:42:38 +03:00
favicon.svg
LearnSpace: full-stack educational whiteboard platform
2026-04-12 10:10:37 +03:00
flashcards.html
feat: universal sidebar via sidebar.js + stale ID cleanup
2026-04-13 21:22:21 +03:00
gradebook.html
a11y: WCAG AA contrast + ARIA roles + focus management across all pages
2026-04-16 11:42:38 +03:00
guest-board.html
feat: WebSocket real-time + rAF render gate + guest board + screen picker
2026-04-13 18:04:59 +03:00
hangman.html
feat: universal sidebar via sidebar.js + stale ID cleanup
2026-04-13 21:22:21 +03:00
homework.html
a11y: WCAG AA contrast + ARIA roles + focus management across all pages
2026-04-16 11:42:38 +03:00
knowledge-map.html
a11y: WCAG AA contrast + ARIA roles + focus management across all pages
2026-04-16 11:42:38 +03:00
lab.html
a11y: WCAG AA contrast + ARIA roles + focus management across all pages
2026-04-16 11:42:38 +03:00
lesson-editor.html
a11y: WCAG AA contrast + ARIA roles + focus management across all pages
2026-04-16 11:42:38 +03:00
lesson-history.html
feat: universal sidebar via sidebar.js + stale ID cleanup
2026-04-13 21:22:21 +03:00
lesson.html
a11y: WCAG AA contrast + ARIA roles + focus management across all pages
2026-04-16 11:42:38 +03:00
library.html
feat: universal sidebar via sidebar.js + stale ID cleanup
2026-04-13 21:22:21 +03:00
live-quiz.html
a11y: WCAG AA contrast + ARIA roles + focus management across all pages
2026-04-16 11:42:38 +03:00
login.html
security+perf: полное ревью — 17 фиксов P0/P1 (XSS, IDOR, race conditions, rate limits, TURN, WAL)
2026-04-23 12:16:08 +03:00
my-lessons.html
feat: universal sidebar via sidebar.js + stale ID cleanup
2026-04-13 21:22:21 +03:00
parent.html
a11y: WCAG AA contrast + ARIA roles + focus management across all pages
2026-04-16 11:42:38 +03:00
pet.html
feat: universal sidebar via sidebar.js + stale ID cleanup
2026-04-13 21:22:21 +03:00
profile.html
a11y: WCAG AA contrast + ARIA roles + focus management across all pages
2026-04-16 11:42:38 +03:00
question-bank.html
fix: банк вопросов — сортировка и фильтр по темам
2026-04-23 23:10:58 +03:00
red-book-biomes.html
feat: universal sidebar via sidebar.js + stale ID cleanup
2026-04-13 21:22:21 +03:00
red-book-ecosystem.html
security+perf: полное ревью — 17 фиксов P0/P1 (XSS, IDOR, race conditions, rate limits, TURN, WAL)
2026-04-23 12:16:08 +03:00
red-book-games.html
feat: universal sidebar via sidebar.js + stale ID cleanup
2026-04-13 21:22:21 +03:00
red-book.html
feat: universal sidebar via sidebar.js + stale ID cleanup
2026-04-13 21:22:21 +03:00
sitemap.html
feat: скрывать отключённые/недоступные модули с galaxy map по feature flags
2026-04-14 09:02:30 +03:00
teacher-guide.html
a11y: WCAG AA contrast + ARIA roles + focus management across all pages
2026-04-16 11:42:38 +03:00
test-result.html
LearnSpace: full-stack educational whiteboard platform
2026-04-12 10:10:37 +03:00
test-run.html
a11y: WCAG AA contrast + ARIA roles + focus management across all pages
2026-04-16 11:42:38 +03:00
theory.html
a11y: WCAG AA contrast + ARIA roles + focus management across all pages
2026-04-16 11:42:38 +03:00