Dorian 5bad457922 fix: remove wildcard CORS from nginx electrs-status, verify security headers ...

Security headers already present in nginx config (X-Content-Type-Options,
X-Frame-Options, CSP, Referrer-Policy, Permissions-Policy). Removed
Access-Control-Allow-Origin: * from electrs-status — CORS is now handled
by the backend with origin validation. Deployed and verified all headers.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

2026-03-11 00:54:41 +00:00

..

Old Plans

fix: prevent My Apps crash when installing apps + add filebrowser to demo

2026-03-09 17:09:59 +00:00

pentest

chore: add security pentest reports and remediation plan

2026-03-06 03:08:14 +00:00

loop.sh

chore: add pentest-fix prompt and wire verification into loop.sh

2026-03-06 03:53:36 +00:00

pentest.yaml

chore: add security pentest reports and remediation plan

2026-03-06 03:08:14 +00:00

plan.md

fix: remove wildcard CORS from nginx electrs-status, verify security headers

2026-03-11 00:54:41 +00:00

prepare.sh

feat: AIUI chat mode integration with iframe, context broker, overnight loop

2026-03-04 12:06:20 +00:00

prompt-pentest-fix.md

chore: add pentest-fix prompt and wire verification into loop.sh

2026-03-06 03:53:36 +00:00

prompt.md

fix: add 6 missing apps to first-boot and fix penpot icon path

2026-03-09 00:18:28 +00:00

testing.md

fix: zero-amount invoices, identity.verify DID extraction, tor service permissions

2026-03-09 09:53:36 +00:00