rohskiddo/UMBRA
1
0
Fork 0
Code Issues 1 Pull Requests Actions Packages Projects Releases Wiki Activity
UMBRA/backend/app/services
History
Kyle Pope 0e0da4bd14 Fix nginx header inheritance regression and add 0.0.0.0/8 to SSRF blocklist 
NEW-1: add_header in location /api block suppressed server-level security
headers (HSTS, CSP, X-Frame-Options, etc). Duplicate all security headers
into the /api block explicitly per nginx inheritance rules.

NEW-2: Add 0.0.0.0/8 to _BLOCKED_NETWORKS — on Linux 0.0.0.0 connects
to localhost, bypassing the existing loopback check.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-03 18:41:16 +08:00
..
audit.py
Extract real client IP from proxy headers instead of Docker bridge IP
2026-03-01 19:20:07 +08:00
auth.py
L-03: Session 7-day sliding window with 30-day hard ceiling
2026-02-27 15:45:15 +08:00
ntfy_templates.py
Implement Track C: NTFY push notification integration
2026-02-25 04:04:23 +08:00
ntfy.py
Fix nginx header inheritance regression and add 0.0.0.0/8 to SSRF blocklist
2026-03-03 18:41:16 +08:00
recurrence.py
Fix QA findings: firstDay reactivity, state revert, helper extraction
2026-02-22 02:02:15 +08:00
totp.py
Implement Stage 6 Track B: TOTP MFA (pyotp, Fernet-encrypted secrets, backup codes)
2026-02-25 04:18:05 +08:00