Commit 502c8a0

catlog22

committed

fix(security): Apply 3 critical security fixes

- sec-001: Add validateAllowedPath to /api/file endpoint (path traversal) - sec-002: Enable CSRF by default with CCW_DISABLE_CSRF opt-out - sec-003: Add validateAllowedPath to /api/dialog/browse and /api/dialog/open-file (path traversal) Ref: fix-1738072800000

1 parent ed0255b commit 502c8a0Copy full SHA for 502c8a0

5 files changed

.claude/skills/lite-skill-generator
- SKILL.md
- templates
  - simple-skill.md
  - style-guide.md
ccw/src/core
- auth
  - csrf-middleware.ts
- routes
  - system-routes.ts

Comments

(0)

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Commit 502c8a0

File tree

0 commit comments