tractatus/public
TheFlow 059dd43b72 security: complete Phase 0 Quick Wins implementation
Phase 0 Complete (QW-1 through QW-8):
- Enhanced input validation with HTML sanitization
- Form rate limiting (5 req/min on all submission endpoints)
- Modern CSRF protection (SameSite cookies + double-submit pattern)
- Security audit logging (CSRF violations captured)
- Applied to all public form endpoints:
    - /api/cases/submit (case studies)
    - /api/media/inquiries (media inquiries)
    - /api/newsletter/subscribe (newsletter)

New Middleware:
- csrf-protection.middleware.js (replaces deprecated csurf package)
- Enhanced input-validation.middleware.js applied to all forms

Security Features Active:
- Security headers (CSP, HSTS, X-Frame-Options, etc.)
- Rate limiting (100 req/15min public, 5 req/min forms)
- CSRF protection (double-submit cookie pattern)
- HTML sanitization (XSS prevention)
- Response sanitization (hide stack traces)
- Security event logging

Implements: inst_041, inst_042, inst_043, inst_044, inst_045, inst_046
Refs: docs/plans/security-implementation-roadmap.md Phase 0
2025-10-14 15:32:54 +13:00
.well-known security: comprehensive security audit and hardening 2025-10-10 05:34:40 +13:00
about feat: comprehensive accessibility improvements (WCAG 2.1 AA) 2025-10-12 07:08:40 +13:00
admin feat: newsletter modal and deployment script enhancements 2025-10-14 13:11:46 +13:00
css fix(ui): rebuild Tailwind CSS with tooltip classes and update cache to v1.0.4 2025-10-09 09:53:07 +13:00
demos feat: newsletter modal and deployment script enhancements 2025-10-14 13:11:46 +13:00
downloads docs: regenerate PDFs and update documentation metadata 2025-10-14 10:53:48 +13:00
images feat: add runtime-agnostic architecture page with honest early-stage positioning 2025-10-13 21:51:58 +13:00
js refactor: rewrite Copilot Q&A in measured, evidence-based tone 2025-10-14 14:19:46 +13:00
koha feat: complete Priority 2 - Enhanced Koha Transparency Dashboard 2025-10-11 17:14:34 +13:00
about.html fix: FAQ modal scrolling and standardize footers 2025-10-14 12:46:23 +13:00
api-reference.html chore: cache busting for document review updates 2025-10-12 20:42:46 +13:00
architecture.html feat: add runtime-agnostic architecture page with honest early-stage positioning 2025-10-13 21:51:58 +13:00
blog-post.html feat: newsletter modal and deployment script enhancements 2025-10-14 13:11:46 +13:00
blog.html feat: newsletter modal and deployment script enhancements 2025-10-14 13:11:46 +13:00
case-submission.html fix: FAQ modal scrolling and standardize footers 2025-10-14 12:46:23 +13:00
check-version.html feat: fix documentation system - cards, PDFs, TOC, and navigation 2025-10-07 22:51:55 +13:00
docs-viewer.html chore: cache busting for document review updates 2025-10-12 20:42:46 +13:00
docs.html feat: add version control system and PWA support 2025-10-14 10:53:29 +13:00
faq.html security: complete Phase 0 Quick Wins implementation 2025-10-14 15:32:54 +13:00
favicon.ico feat: implement Rule Manager and Project Manager admin systems 2025-10-11 17:16:51 +13:00
favicon.svg feat: comprehensive documentation improvements and GitHub integration 2025-10-09 14:33:14 +13:00
implementer.html fix: FAQ modal scrolling and standardize footers 2025-10-14 12:46:23 +13:00
index.html feat: add version control system and PWA support 2025-10-14 10:53:29 +13:00
koha.html chore: cache busting for document review updates 2025-10-12 20:42:46 +13:00
leader.html fix: FAQ modal scrolling and standardize footers 2025-10-14 12:46:23 +13:00
manifest.json feat: add version control system and PWA support 2025-10-14 10:53:29 +13:00
media-inquiry.html fix: FAQ modal scrolling and standardize footers 2025-10-14 12:46:23 +13:00
media-triage-transparency.html feat: comprehensive accessibility improvements (WCAG 2.1 AA) 2025-10-12 07:08:40 +13:00
privacy.html chore: cache busting for document review updates 2025-10-12 20:42:46 +13:00
researcher.html fix: FAQ modal scrolling and standardize footers 2025-10-14 12:46:23 +13:00
service-worker.js refactor: rewrite Copilot Q&A in measured, evidence-based tone 2025-10-14 14:19:46 +13:00
version.json refactor: rewrite Copilot Q&A in measured, evidence-based tone 2025-10-14 14:19:46 +13:00