mirror/TimeTracker
1
0
Fork 0
mirror of https://github.com/DRYTRIX/TimeTracker.git synced 2026-01-11 22:21:08 -06:00
Code Issues Packages Projects Releases Wiki Activity
Files
dev-dev-41-5bb09595
TimeTracker/app
History
Dries Peeters b0f42f5fad CSRF: add trusted origins to support reverse-proxied host/proto 
Add WTF_CSRF_TRUSTED_ORIGINS to app/config.py (env-driven, comma-separated; default https://track.example.com) to allow CSRF validation when referrer/origin host matches a trusted origin behind a proxy.
Keep existing ProxyFix(x_proto=1, x_host=1, x_for=1, x_port=1) so Flask honors X-Forwarded-* headers.
Ensure forms/AJAX post to the same origin you’ve configured via WTF_CSRF_TRUSTED_ORIGINS.
2025-10-16 19:26:56 +02:00
..
models
feat: Add customizable Kanban board columns and enhance CSRF configuration
2025-10-11 19:56:45 +02:00
routes
Fix OIDC login failure due to missing nonce parameter in ID token parsing
2025-10-16 12:52:51 +02:00
static
fix(calendar): resolve loading state issues and improve user experience
2025-10-12 22:11:51 +02:00
templates
feat: enhance CSRF protection with double-submit cookie pattern
2025-10-13 12:51:23 +02:00
utils
feat: Add project costs tracking and remove license server integration
2025-10-09 11:50:26 +02:00
__init__.py
feat: Add HTTPS support with mkcert and automatic SSL configuration
2025-10-13 18:32:45 +02:00
config.py
CSRF: add trusted origins to support reverse-proxied host/proto
2025-10-16 19:26:56 +02:00