neko/web/static, branch claude/improve-test-coverage-iBkwc

Fix CSP violation on login page by moving inline script to external file

2026-02-17T03:01:17+00:00

Fix scroll-to-read functionality across all UIs (V1, V2, V3)

2026-02-17T00:35:38+00:00

Enhance CSRF protection for login page

2026-02-16T22:02:48+00:00

Login form now includes a CSRF token from the cookie as a hidden form
field. The CSRF middleware accepts tokens from either the X-CSRF-Token
header (for JS clients) or the csrf_token form field (for HTML forms).
Removed /login from the CSRF exclusion list so login POSTs are now
validated.

Co-Authored-By: Claude Opus 4.6

Fix restricted login access and modernize login page

2026-02-16T16:00:53+00:00

- Close NK-oqd24q: Fix login access for v3/api
- Update web.go to exclude /login/ from CSRF check during initial submission
- Modernize web/static/login.html with new CSS and structure
- Add web/login_test.go to verify CSRF exclusion
- Created NK-ngokc3 for further CSRF enhancements

Audit and reduce Go dependencies: replace go.rice with embed, pflag with flag

2026-02-14T06:23:54+00:00