rohskiddo/UMBRA
1
0
Fork 0
Code Issues 1 Pull Requests Actions Packages Projects Releases Wiki Activity
UMBRA/backend/app
History
Kyle Pope 0e0da4bd14 Fix nginx header inheritance regression and add 0.0.0.0/8 to SSRF blocklist 
NEW-1: add_header in location /api block suppressed server-level security
headers (HSTS, CSP, X-Frame-Options, etc). Duplicate all security headers
into the /api block explicitly per nginx inheritance rules.

NEW-2: Add 0.0.0.0/8 to _BLOCKED_NETWORKS — on Linux 0.0.0.0 connects
to localhost, bypassing the existing loopback check.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-03 18:41:16 +08:00
..
jobs
Backend pentest remediation (PT-03/05/06/07)
2026-03-02 17:43:27 +08:00
models
Add required email + date of birth to registration, shared validators, partial index
2026-03-02 19:21:11 +08:00
routers
Fix pentest findings: Cache-Control, SSRF save-time validation, Permissions-Policy
2026-03-03 17:52:28 +08:00
schemas
Fix QA review findings: server-side DOB validation, naive date max prop
2026-03-03 16:59:54 +08:00
services
Fix nginx header inheritance regression and add 0.0.0.0/8 to SSRF blocklist
2026-03-03 18:41:16 +08:00
__init__.py
Initial commit
2026-02-15 16:13:41 +08:00
config.py
Auto-derive CORS_ORIGINS from UMBRA_URL in production
2026-03-02 17:53:26 +08:00
database.py
Fix code review findings: security hardening and frontend fixes
2026-02-16 07:49:21 +08:00
main.py
H-01: Add global CSRF middleware for all mutating endpoints
2026-02-27 15:39:42 +08:00