path: root/internal/safehttp
Commit message | Author | Age | Files | Lines
* fix: implement HTTP/2 fallback for SafeClient on protocol errors | Adam Mathes | 7 days | 2 | -3/+56
* Revert "fix: disable HTTP/2 in SafeClient to avoid unhandled response frame errors" | Adam Mathes | 7 days | 1 | -6/+0
    This reverts commit ee3f5edab92b0ca14dc0b3c98862f721bddaf7d5.
* fix: disable HTTP/2 in SafeClient to avoid unhandled response frame errors | Adam Mathes | 7 days | 1 | -0/+6
* Increase test coverage across lowest-coverage packages (branch: claude/improve-test-coverage-iBkwc) | Claude | 7 days | 1 | -0/+287
    Major coverage improvements:
    - safehttp: 46.7% -> 93.3% (SafeDialer, redirect checking, SSRF protection)
    - api: 81.8% -> 96.4% (HandleImport 0% -> 100%, stream errors, content types)
    - importer: 85.3% -> 94.7% (ImportFeeds dispatcher, OPML nesting, edge cases)
    - cmd/neko: 77.1% -> 85.4% (purge, secure-cookies, minutes, allow-local flags)
    New tests added:
    - Security regression tests (CSRF token uniqueness, mismatch rejection, auth cookie HttpOnly, security headers, API auth requirements)
    - Stress tests for concurrent mixed operations and rapid state toggling
    - SSRF protection tests for SafeDialer hostname resolution and redirect paths
    https://claude.ai/code/session_01XUBh32rHpbYue1JYXSH64Q
* Fix link underlines in v3 UI and SSRF proxy bypass | Claude | 8 days | 1 | -0/+1
    - Add text-decoration: none to .item-description a links in v3 CSS to match v1 style (no underlines on feed item content links)
    - Fix safehttp to disable proxy on safe client; without this, HTTP proxy env vars bypass the DialContext SSRF check for IPs like 10.0.0.1, causing TestSafeClient to fail
    https://claude.ai/code/session_01DpWhB9uGGMBnzqS28HxnuV
* security: add HTTP security headers (fixing NK-7xuajb) | Adam Mathes | 11 days | 1 | -1/+7
* security: mitigate SSRF in image proxy and feed fetcher (fixing NK-0ca7nq) | Adam Mathes | 11 days | 2 | -0/+163