🪻 distributed transcription service thistle.dunkirk.sh

feat: add CSRF token validation for critical operations #13

Status: closed
Opened by dunkirk.sh (edited)

Medium Priority

Location: All POST/PUT/DELETE endpoints in src/index.ts

Issue

No CSRF token validation on state-changing operations (relies on SameSite cookies only)

Impact

Reduced protection against CSRF attacks

Fix Time

~2 hours

Recommendation

SameSite=Lax provides some protection, but consider adding CSRF tokens for critical operations


From LAUNCH_REVIEW.md Issue #23
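One way to add the token check the recommendation asks for, shown here as an added example rather than code from the thistle repository or its src/index.ts: tokens are issued per session (HMAC-SHA256 over a random nonce bound to the session id), and a gate refuses POST/PUT/PATCH/DELETE requests that do not carry a valid token in an X-CSRF-Token header. The `session` cookie name, the header name, the `RequestLike` shape and the in-memory secret are assumptions made for the example, not project conventions.

```typescript
// Added example, not the thistle project's code: synchronizer-style CSRF tokens
// bound to the session id, validated on state-changing methods.
import { createHmac, randomBytes, timingSafeEqual } from "node:crypto";

const STATE_CHANGING = new Set(["POST", "PUT", "PATCH", "DELETE"]);

// Constructed placeholder secret for the example; a deployment would load it
// from configuration so tokens survive restarts and are shared across workers.
const CSRF_SECRET = randomBytes(32);

// Token = nonce "." HMAC(secret, sessionId ":" nonce). Binding to the session id
// means a token minted for one session cannot be replayed against another.
export function issueCsrfToken(sessionId: string, secret: Buffer = CSRF_SECRET): string {
  const nonce = randomBytes(16).toString("hex");
  const mac = createHmac("sha256", secret).update(`${sessionId}:${nonce}`).digest("hex");
  return `${nonce}.${mac}`;
}

export function verifyCsrfToken(
  sessionId: string,
  token: string | undefined,
  secret: Buffer = CSRF_SECRET,
): boolean {
  if (!token) return false;
  const parts = token.split(".");
  if (parts.length !== 2) return false;
  const [nonce, mac] = parts;
  // Reject malformed input before doing any crypto.
  if (!/^[0-9a-f]{32}$/.test(nonce) || !/^[0-9a-f]{64}$/.test(mac)) return false;
  const expected = createHmac("sha256", secret).update(`${sessionId}:${nonce}`).digest("hex");
  const a = Buffer.from(mac, "hex");
  const b = Buffer.from(expected, "hex");
  // Constant-time comparison so a forged MAC cannot be refined byte by byte.
  return a.length === b.length && timingSafeEqual(a, b);
}

// Minimal request shape assumed for the example (hypothetical, not a framework type).
// Header names are lowercased, as Node's http module presents them.
export interface RequestLike {
  method: string;
  headers: Record<string, string | undefined>;
  cookies: Record<string, string | undefined>;
}

export interface Decision {
  allowed: boolean;
  status: number;
  reason: string;
}

// Gate to run before any state-changing handler: safe methods pass through,
// everything else needs a session cookie plus a token that verifies for it.
// SameSite=Lax still applies on the cookie; this is the second, explicit check.
export function csrfGate(req: RequestLike, secret: Buffer = CSRF_SECRET): Decision {
  const method = req.method.toUpperCase();
  if (!STATE_CHANGING.has(method)) return { allowed: true, status: 200, reason: "safe method" };
  const sessionId = req.cookies["session"];
  if (!sessionId) return { allowed: false, status: 401, reason: "no session" };
  if (!verifyCsrfToken(sessionId, req.headers["x-csrf-token"], secret)) {
    return { allowed: false, status: 403, reason: "invalid csrf token" };
  }
  return { allowed: true, status: 200, reason: "csrf ok" };
}
```

The token is handed to the page (for example in a response header or a rendered form field) after login and echoed back by the client's fetch calls; because it is checked against the session cookie, a cross-site form post that carries the cookie automatically still fails without the header, which is the gap the SameSite-only setup leaves open for the cases Lax does not cover.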

Labels: None yet.
Priority: medium
Assignee: dunkirk.sh
Participants: 1
AT URI: at://did:plc:krxbvxvis5skq7jj6eot23ul/sh.tangled.repo.issue/3m6d4dtd7oy2t