8 Commits

Author	SHA1	Message	Date
Dries Peeters	1e1e3ad43a	Update setup.py	2025-10-13 20:41:21 +02:00
Dries Peeters	e61c628526	feat: enhance CSRF protection with double-submit cookie pattern ... Implement comprehensive CSRF token management with cookie-based double-submit pattern to improve security and SPA compatibility. Changes: - Add CSRF cookie configuration in app/config.py * WTF_CSRF_SSL_STRICT for strict SSL validation in production * CSRF_COOKIE_NAME (default: XSRF-TOKEN) for framework compatibility * CSRF_COOKIE_SECURE inherits from SESSION_COOKIE_SECURE by default * CSRF_COOKIE_HTTPONLY, CSRF_COOKIE_SAMESITE, and CSRF_COOKIE_DOMAIN settings - Implement CSRF cookie handler in app/__init__.py * Set CSRF token in cookie after each request * Configure cookie with secure flags based on environment settings * Support for double-submit pattern and SPA frameworks - Add client-side CSRF token management in base.html * JavaScript utilities for token retrieval and validation * Cookie synchronization for frameworks that read XSRF-TOKEN * Auto-refresh mechanism for stale tokens (>15 minutes) * Pre-submit token validation and refresh * User notification for missing cookies/tokens - Clean up docker-compose.yml environment variables * Remove redundant SECRET_KEY, WTF_CSRF_*, and cookie security settings * These are now managed through .env files and config.py This enhancement provides better CSRF protection while maintaining compatibility with modern JavaScript frameworks and SPA architectures.	2025-10-13 12:51:23 +02:00
Dries Peeters	d623164895	Update setup.py	2025-10-12 21:52:31 +02:00
Dries Peeters	ae710e60f0	Updated the dockerfile.	2025-10-11 20:55:54 +02:00
Dries Peeters	430a35b6c1	Update setup.py	2025-10-11 19:57:58 +02:00
Dries Peeters	94f021364d	Update setup.py	2025-10-11 09:03:17 +02:00
Dries Peeters	bdbfd621de	github workflows	2025-10-10 14:43:02 +02:00
Dries Peeters	6f4c8c8c21	Updated for Ci-testing ... Updated for Ci-testing	2025-10-09 13:13:28 +02:00