eliott/worldmonitor
1
0
Fork 0
mirror of https://github.com/koala73/worldmonitor.git synced 2026-04-26 17:45:09 +02:00
Code Issues Packages Projects Releases Wiki Activity
453 Commits 139 Branches 48 Tags
5e77433acabd87abd97ffae40447be79626b6c8f
Commit Graph

4 Commits

Author SHA1 Message Date
Elie Habib
f56d44f2f2 Use wildcard CORS for *.worldmonitor.app subdomains 2026-01-23 08:30:15 +04:00
Elie Habib
81c538255d Add tech.worldmonitor.app to API CORS allowlists 2026-01-23 08:29:33 +04:00
Elie Habib
7ecb1b1597 Security hardening for EIA and USASpending features 
Fixes identified by red-team audit:

EIA API Proxy:
- Restrict CORS to allowed origins only (HIGH)
- Add HTTP method validation - GET/OPTIONS only (MEDIUM)
- Remove error message information leakage (HIGH)

USASpending Service:
- Add input validation bounds for daysBack (1-90) and limit (1-50)

EconomicPanel:
- Escape all dynamic values in templates (XSS prevention)
- Escape numeric values, trend colors, icons, dates
 2026-01-16 16:18:41 +04:00
Elie Habib
5bbe126484 Fix EIA API routing with Vercel catch-all route 2026-01-16 15:41:48 +04:00