jprdonnelly/freeCodeCamp
1
0
Fork 0
mirror of https://github.com/freeCodeCamp/freeCodeCamp.git synced 2026-02-02 06:04:06 -05:00
Code Issues Projects Releases Wiki Activity
35,548 Commits 4 Branches 0 Tags
08df225ced883663a3f8626423a4df29eaa35ec7
Commit Graph

5 Commits

Author SHA1 Message Date
Oliver Eyton-Williams
25ff25e74f feat(api): remove csrf protection from get-session-user (#51615) 2023-10-03 16:17:00 -05:00
Oliver Eyton-Williams
5e17868c74 fix(api): allow fastify to set content-type dynamically (#50248) 
fix: allow fastify to set content-type dynamically

We can set content-type: application/json for specific routes, but
doing so ends up with confusing, over-engineered code.

Instead we should take care when auditing the endpoints.
 2023-05-02 10:15:31 -07:00
Oliver Eyton-Williams
46cdfd7802 feat(api): add CORS headers (#50120) 
* test: allow mocking of env vars

Since utils/env is a module, we can mock it to control env vars in
tests. However, it's not compatible with building the server in
setupFilesAfterEnv, so, instead, we can use a utility function to keep
things DRY.

* fix: update type of fastifyTestInstance

* chore: add comment about sts preload

* chore: rename header plugin

* test: add get util + provide origin on request

* feat: add cors headers

* chore: add TODO
 2023-04-26 09:02:12 +02:00
Oliver Eyton-Williams
5f12720ad2 fix: use onRequest to add headers (#50125) 
* fix: use onrequest to add headers

We want to add them no-matter what, so we should use the earliest hook
available.
 2023-04-24 11:08:19 +02:00
Oliver Eyton-Williams
71d5a67745 feat(api): add security headers (#49995) 
* feat(api): add security headers

Includes the OWASP recommended headers for REST APIs. Taken from
https://cheatsheetseries.owasp.org/cheatsheets/REST_Security_Cheat_Sheet.html#security-headers

* test: check OWASP headers appear on GET / request

* fix: only enable Strict-Transport-Security in prod
 2023-04-13 10:16:58 +02:00