d206460751
feat(security): Phase 20 CSRF protection implementation

The Phase 19 chief architect review pointed out that the approval (核鑰) UX lacks CSRF protection.

Backend:
- Added src/core/csrf.py (Double Submit Cookie pattern)
- Added src/api/v1/csrf.py (GET /api/v1/csrf/token)
- Added src/models/csrf.py (CSRFTokenResponse)
- Modified approvals.py: the sign/reject/bulk endpoints now validate CSRFToken

Frontend:
- Added hooks/useCSRF.ts (React hook)
- Modified approval.store.ts to pass the CSRF token parameter

Security properties:
- 256-bit token (secrets.token_hex)
- Timing-safe comparison (secrets.compare_digest)
- SameSite=Strict cookie
- 1-hour token validity

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-03-28 18:31:58 +08:00
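As an added illustration of the Double Submit Cookie design the commit message lists (256-bit token from secrets.token_hex, constant-time comparison, SameSite=Strict cookie, 1-hour validity), here is a small stand-alone Python module; it is not the project's src/core/csrf.py, and the cookie name, header name and the token-plus-timestamp cookie layout are assumptions.

```python
import secrets
import time
from http.cookies import SimpleCookie

# Parameters taken from the commit message: 256-bit token, 1-hour validity.
TOKEN_BYTES = 32
TOKEN_TTL_SECONDS = 3600
COOKIE_NAME = "csrf_token"    # assumed name, not from the project
HEADER_NAME = "X-CSRF-Token"  # assumed name, not from the project


def issue_token(now=None):
    """Return (token, cookie_value). The cookie carries the issue time as
    '<token>.<unix_seconds>' so validation needs no server-side state."""
    issued_at = int(now if now is not None else time.time())
    token = secrets.token_hex(TOKEN_BYTES)  # 32 bytes -> 64 hex chars
    return token, f"{token}.{issued_at}"


def build_set_cookie(cookie_value):
    """Render the Set-Cookie header for the token cookie. It is deliberately
    not HttpOnly: the frontend hook must read it to copy the token into
    the request header. Max-Age lets the browser drop it after the TTL."""
    cookie = SimpleCookie()
    cookie[COOKIE_NAME] = cookie_value
    cookie[COOKIE_NAME]["samesite"] = "Strict"
    cookie[COOKIE_NAME]["secure"] = True
    cookie[COOKIE_NAME]["path"] = "/"
    cookie[COOKIE_NAME]["max-age"] = TOKEN_TTL_SECONDS
    return cookie.output(header="").strip()


def validate(cookie_value, header_value, now=None):
    """Accept only if the header copy equals the cookie copy (compared in
    constant time) and the cookie's issue time is within the TTL.
    Like any double-submit scheme, this relies on the attacker being
    unable to set cookies for the application's domain."""
    if not cookie_value or not header_value:
        return False
    token, sep, issued = cookie_value.rpartition(".")
    if not sep or not issued.isdigit() or len(token) != 2 * TOKEN_BYTES:
        return False
    now = now if now is not None else time.time()
    if now - int(issued) > TOKEN_TTL_SECONDS:
        return False
    # Compare as bytes so non-ASCII header input cannot raise TypeError.
    return secrets.compare_digest(token.encode(), header_value.encode())
```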