left4me

272 commits 2 branches 0 tags 4.8 MiB

Author	SHA1	Message	Date
mwiegand	74b7f61437	harden(l4d2web): default security response headers and generic error handlers - after_request hook sets X-Content-Type-Options=nosniff, X-Frame-Options=DENY, Referrer-Policy=strict-origin-when-cross-origin, and a strict CSP (default-src 'self', script-src self+nonce, frame-ancestors 'none', form-action 'self'); HSTS added on secure non-test responses - per-request CSP nonce minted in g.csp_nonce; servers.html's inline showModal script picks it up - 404 and 500 handlers return short plain-text responses so a misbehaving deployment can't leak tracebacks via Werkzeug's debug page	2026-05-14 22:21:36 +02:00
mwiegand	288eda7c37	chore(l4d2): flatten component layout	2026-05-05 23:47:06 +02:00

Author

SHA1

Message

Date

mwiegand

74b7f61437

harden(l4d2web): default security response headers and generic error handlers

- after_request hook sets X-Content-Type-Options=nosniff, X-Frame-Options=DENY, Referrer-Policy=strict-origin-when-cross-origin, and a strict CSP (default-src 'self', script-src self+nonce, frame-ancestors 'none', form-action 'self'); HSTS added on secure non-test responses
- per-request CSP nonce minted in g.csp_nonce; servers.html's inline showModal script picks it up
- 404 and 500 handlers return short plain-text responses so a misbehaving deployment can't leak tracebacks via Werkzeug's debug page

2026-05-14 22:21:36 +02:00

mwiegand

288eda7c37

chore(l4d2): flatten component layout

2026-05-05 23:47:06 +02:00

Renamed from components/l4d2-web-app/tests/test_security.py (Browse further)

2 commits