Harden CSRF/CSP and add hash version upgrades

2026-02-18 20:51:18 +01:00
parent 3c7f3d2114
commit a130cba41a
23 changed files with 627 additions and 57 deletions


@@ -209,6 +209,11 @@ Register again using the correct key from the host or leave it blank to crea
Auth and admin-sensitive routes are rate-limited to reduce brute-force attempts.
Wait briefly, then retry.
### "CSRF validation failed."
Authenticated write actions now require a same-origin browser request.
Reload the page and retry. If you're calling the API from custom tooling, send matching `Origin`/`Referer` values for your app host.
## Data & Privacy
- Suggestions, votes, and phase states are stored in a shared database.
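Review bot: the "CSRF validation failed." entry tells custom tooling to "send matching `Origin`/`Referer` values for your app host" but does not document the check's behaviour when one or both headers are absent (browsers and proxies routinely strip `Referer`, and some clients omit `Origin`), nor how "your app host" is determined (a configured canonical host versus the incoming `Host` header). Please state which header is authoritative, whether a missing header is rejected or falls back to the other, and where the expected host is configured, so operators can tell a misconfigured deployment from a genuine cross-origin request. The rate-limit entry would likewise be more useful if "Wait briefly" named the window or pointed to a `Retry-After` response header if one is sent.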