Implement CSRF protection and security hardening across the application (#4179)

* Implement CSRF protection and security hardening across the application

- Added CSRF token handling in axios requests and HTML templates.
- Introduced CSRF middleware to validate tokens for unsafe HTTP methods.
- Implemented login limiter to prevent brute-force attacks.
- Enhanced security headers in middleware for improved response security.
- Updated login notification to include safe metadata without passwords.
- Added tests for CSRF middleware and login limiter functionality.

* fix
Farhad H. P. Shirvan
2026-05-07 23:36:11 +02:00
committed by GitHub
parent a1b2382877
commit 10ebc6cbdc
28 changed files with 525 additions and 41 deletions

@@ -7,6 +7,7 @@
<meta name="renderer" content="webkit">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<meta name="robots" content="noindex,nofollow">
{{ if .csrf_token }}<meta name="csrf-token" content="{{ .csrf_token }}">{{ end }}
<link rel="stylesheet" href="{{ .base_path }}assets/ant-design-vue/antd.min.css">
<link rel="stylesheet" href="{{ .base_path }}assets/css/custom.min.css?{{ .cur_ver }}">
<style>
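Review bot: The `{{ if .csrf_token }}` guard on the added meta line means the page renders with no `csrf-token` tag at all whenever the handler does not pass a token, and nothing in the template signals that. The commit message says axios requests pick up the token and the middleware validates it for unsafe methods, so please confirm both sides fail closed in that case: the client should not send an empty or stale header, and the middleware should reject the request rather than skip the check. It is also worth confirming that responses carrying this page are not stored by shared caches, since the token is now embedded in the HTML.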
@@ -102,4 +103,4 @@
</body>
</html>
{{ end }}
{{ end }}