Dorian | d7c9f4917a

docs: add security audit report for new features (Task 22)

Audited cloud file upload, AIUI iframe, context broker, FileBrowser
proxy, and RPC endpoints. Key findings:
- XSS: safe (Vue template escaping)
- Context broker: properly validates origins
- FileBrowser: medium risk path traversal (client-side), token in URLs
- CSRF: high risk (no tokens, but mitigated by JSON content type)
- Nginx: missing security headers
Full report: docs/security-audit-2026-03-05.md

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

2026-03-05 08:49:22 +00:00
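The CSRF finding in the commit message rests on the JSON content type: a cross-origin HTML form can only submit `application/x-www-form-urlencoded`, `multipart/form-data` or `text/plain`, and a cross-origin `fetch()` that sets `Content-Type: application/json` triggers a CORS preflight the server can refuse. That mitigation holds only if the RPC endpoints reject every other media type outright; the classic bypass is a handler that accepts a `text/plain` body and parses it as JSON anyway. The block below is an added example of such a strict check, not code from the audited project (whose server-side language the commit does not show). The `ALLOWED_ORIGINS` value, the sample requests and the `Sec-Fetch-Site`/`Origin` defense-in-depth checks are assumptions for illustration, not findings from the report.

```python
"""Added example: the Content-Type CSRF check the commit message relies on.

Not code from the audited project. A cross-origin HTML form can only submit
application/x-www-form-urlencoded, multipart/form-data or text/plain, and a
cross-origin fetch() with Content-Type: application/json triggers a CORS
preflight the server can refuse. So the mitigation holds only if the endpoint
rejects every other media type outright.
"""
from typing import Mapping, Tuple

# Assumption: the app's own origin; a real service would read this from config.
ALLOWED_ORIGINS = {"https://app.example.test"}

# Media types a plain HTML <form> can send with no preflight.
FORM_MEDIA_TYPES = {
    "application/x-www-form-urlencoded",
    "multipart/form-data",
    "text/plain",
}


def media_type(content_type: str) -> str:
    """Strip parameters: 'application/json; charset=utf-8' -> 'application/json'."""
    return content_type.split(";", 1)[0].strip().lower()


def csrf_check(headers: Mapping[str, str]) -> Tuple[bool, str]:
    """Return (accepted, reason) for a state-changing JSON RPC request.

    Header names are matched case-insensitively, as HTTP requires.
    """
    h = {k.lower(): v for k, v in headers.items()}

    ct = media_type(h.get("content-type", ""))
    if ct in FORM_MEDIA_TYPES:
        return False, f"form-submittable content type {ct!r}"
    if ct != "application/json":
        # Missing or unusual type: do not fall back to parsing the body as JSON.
        return False, f"content type {ct or '<missing>'} is not application/json"

    # Defense in depth: modern browsers send Sec-Fetch-Site on every request.
    site = h.get("sec-fetch-site", "").lower()
    if site and site not in ("same-origin", "none"):
        return False, f"sec-fetch-site {site!r}"

    # Browsers send Origin on cross-origin requests and on POST; if present it must match.
    origin = h.get("origin")
    if origin is not None and origin not in ALLOWED_ORIGINS:
        return False, f"origin {origin!r} not allowed"

    return True, "ok"


# Constructed sample requests, not captured traffic.
SAMPLES = {
    "same-origin fetch": {
        "Content-Type": "application/json; charset=utf-8",
        "Origin": "https://app.example.test",
        "Sec-Fetch-Site": "same-origin",
    },
    "cross-site form post": {
        "Content-Type": "text/plain",
        "Origin": "https://attacker.example",
        "Sec-Fetch-Site": "cross-site",
    },
    "json type, wrong origin": {
        "Content-Type": "application/json",
        "Origin": "https://attacker.example",
    },
    "no content type": {},
}


def run_samples() -> dict:
    """Evaluate every sample; returns {name: accepted}."""
    return {name: csrf_check(hdrs)[0] for name, hdrs in SAMPLES.items()}


if __name__ == "__main__":
    for name, hdrs in SAMPLES.items():
        ok, why = csrf_check(hdrs)
        print(f"{'ALLOW' if ok else 'DENY ':5} {name}: {why}")
```

The check runs before the body is read, so a request with the wrong media type never reaches the JSON parser. The `Sec-Fetch-Site` and `Origin` checks are cheap extra layers; they do not replace a per-session token if the endpoints are ever opened to non-JSON clients.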