changemaker.lite

History

bunker-admin 3f35e4b18d Harden MkDocs header auth-check: targeted postMessage, tighter CSP

- Replace postMessage wildcard ('*') with explicit parent origin passed
  via ?origin= parameter to prevent auth state disclosure to arbitrary
  embedders
- Tighten frame-ancestors CSP: production restricts to self + DOMAIN,
  dev restricts to localhost origins (was frame-ancestors *)
- Remove deprecated X-Frame-Options ALLOW-FROM header (CSP
  frame-ancestors is the modern replacement)
- Validate targetOrigin with URL constructor before use

Bunker Admin

2026-03-07 16:44:29 -07:00

api.conf.template

Clean up nginx conf.d: remove dead configs, gitignore generated files, fix templates

2026-03-06 12:24:26 -07:00

default.conf.template

Harden MkDocs header auth-check: targeted postMessage, tighter CSP

2026-03-07 16:44:29 -07:00

services.conf.template

Harden MkDocs header auth-check: targeted postMessage, tighter CSP

2026-03-07 16:44:29 -07:00