e062a1e836
security: add CSRF protection to all forms
...
- Add Flask-WTF dependency for CSRF protection
- Initialize CSRFProtect in app.py
- Add CSRF tokens to all POST forms in templates
- Exempt /order JSON API endpoint (uses API key instead)
This protects against Cross-Site Request Forgery attacks on all
admin and user management operations.
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com >
2026-02-06 08:01:22 +01:00
12eece0226
docs: anonymize env examples
2026-01-30 12:41:09 +01:00
b9ea2c2625
docs: clarify order key location
2026-01-30 12:39:29 +01:00
68bfbd55a2
docs: add developer env section
2026-01-30 12:36:51 +01:00
7ff74cb18c
docs: verbessern inline-doku in wawi app
2026-01-30 12:35:37 +01:00
db2767a496
Fix api_key_required indentation
2026-01-30 12:24:48 +01:00
efffdfa3fa
Document uploads in fix permissions script
2026-01-30 12:17:04 +01:00
65ec9466eb
Use APP_API_KEY for order auth
2026-01-30 12:12:40 +01:00
ec2d8945b3
Hide order API key input
2026-01-30 12:10:10 +01:00
513c126fba
Send order API key from live page
2026-01-30 12:09:13 +01:00
a61e96e8b8
Harden order endpoint and async mail; improve security defaults
2026-01-30 12:08:08 +01:00
Bjoern Welker
a7d058b57c
Clean up unused live page code
2026-01-30 12:00:02 +01:00
Bjoern Welker
f6495eb82a
Remove totals from live page
2026-01-30 09:04:18 +01:00
Bjoern Welker
1bcaad503a
Update README with deployment and env docs
2026-01-30 08:58:52 +01:00
Bjoern Welker
81a1ed7eef
Initial commit
2026-01-30 08:55:14 +01:00
