Commit Graph

6 Commits

Author SHA1 Message Date
e062a1e836 security: add CSRF protection to all forms
- Add Flask-WTF dependency for CSRF protection
- Initialize CSRFProtect in app.py
- Add CSRF tokens to all POST forms in templates
- Exempt /order JSON API endpoint (uses API key instead)

This protects against Cross-Site Request Forgery attacks on all
admin and user management operations.

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
2026-02-06 08:01:22 +01:00
7ff74cb18c docs: improve inline docs in wawi app 2026-01-30 12:35:37 +01:00
db2767a496 Fix api_key_required indentation 2026-01-30 12:24:48 +01:00
65ec9466eb Use APP_API_KEY for order auth 2026-01-30 12:12:40 +01:00
a61e96e8b8 Harden order endpoint and async mail; improve security defaults 2026-01-30 12:08:08 +01:00
Bjoern Welker
81a1ed7eef Initial commit 2026-01-30 08:55:14 +01:00