POSA_Copyrighter/tests
유창욱 1abb1107a2 fix: cookie-based operator auth keeps token out of URLs
Address commit security review: replace the ?token= query fallback (which
leaked the token into logs/referrers) with an HttpOnly, SameSite=Strict
session cookie minted on the first header-authenticated request, so <img>
media loads authenticate without a URL token. Use hmac.compare_digest for
constant-time comparison and add Cache-Control: no-store + Referrer-Policy:
no-referrer on untrusted biometric media. Also cover upload/import boundary
validation (400) at the HTTP layer.
2026-06-20 18:43:53 +09:00
operator_gui fix: resolve multi-agent review findings for workbench efficiency round 2026-06-12 18:44:35 +09:00
rights_filter fix: cookie-based operator auth keeps token out of URLs 2026-06-20 18:43:53 +09:00