Elie Habib
7ecb1b1597
Security hardening for EIA and USASpending features
Fixes identified by red-team audit:
EIA API Proxy:
- Restrict CORS to allowed origins only (HIGH)
- Add HTTP method validation - GET/OPTIONS only (MEDIUM)
- Remove error message information leakage (HIGH)
USASpending Service:
- Add input validation bounds for daysBack (1-90) and limit (1-50)
EconomicPanel:
- Escape all dynamic values in templates (XSS prevention)
- Escape numeric values, trend colors, icons, dates
2026-01-16 16:18:41 +04:00
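The three classes of fix the commit message lists (CORS/method/error handling in the proxy, bounded integers in the USASpending service, and escaping in the panel template) as an added example. This is not code from the repository; it is written as framework-free functions so it runs offline. `ALLOWED_ORIGINS`, `handleEiaProxy`, `validateUsaSpendingQuery`, `renderTrendRow`, the origin values and the parameter defaults are all assumed for illustration, and the injected `fetchUpstream` stands in for the real EIA call.

```javascript
// Added example, not code from the repository: the three fix classes named in
// the commit, written as framework-free functions so they run and test
// stand-alone. ALLOWED_ORIGINS, handleEiaProxy, validateUsaSpendingQuery and
// renderTrendRow are assumed names, not the project's identifiers.

// ---- EIA API proxy: CORS allowlist, GET/OPTIONS only, no error leakage ----

// Exact-match allowlist (values assumed). Never reflect an arbitrary Origin
// header back, and never use "*" on an endpoint that fronts a server-side key.
const ALLOWED_ORIGINS = new Set(["https://app.example.com", "http://localhost:3000"]);
const ALLOWED_METHODS = ["GET", "OPTIONS"];

function corsHeaders(origin) {
  // Unknown origin: emit no CORS headers at all, so the browser refuses the read.
  if (!ALLOWED_ORIGINS.has(origin)) return {};
  return {
    "Access-Control-Allow-Origin": origin,
    "Access-Control-Allow-Methods": ALLOWED_METHODS.join(", "),
    Vary: "Origin", // a shared cache must not replay one origin's header to another
  };
}

// Synchronous gate: returns a response for requests the proxy refuses, else null.
function rejectIfDisallowed(req) {
  const headers = corsHeaders(req.headers.origin || "");
  if (!ALLOWED_METHODS.includes(req.method)) {
    return { status: 405, headers: { ...headers, Allow: ALLOWED_METHODS.join(", ") },
             body: { error: "Method not allowed" } };
  }
  if (req.method === "OPTIONS") return { status: 204, headers, body: null }; // preflight
  return null;
}

// fetchUpstream is injected so the example runs offline; the real proxy would
// call the EIA API here with the server-side key.
async function handleEiaProxy(req, fetchUpstream) {
  const rejection = rejectIfDisallowed(req);
  if (rejection) return rejection;
  const headers = corsHeaders(req.headers.origin || "");
  try {
    return { status: 200, headers, body: await fetchUpstream(req.url) };
  } catch (err) {
    // Detail stays in the server log; the client gets a fixed string, so the
    // upstream URL, key, hostname or stack trace cannot leak through the response.
    console.error("EIA upstream failure:", err);
    return { status: 502, headers, body: { error: "Upstream request failed" } };
  }
}

// ---- USASpending service: daysBack 1-90, limit 1-50 ----

// Bounds are the commit's; the defaults are assumed for the example.
const BOUNDS = { daysBack: { min: 1, max: 90, dflt: 30 }, limit: { min: 1, max: 50, dflt: 10 } };

// Reject rather than clamp: "1e9", "-5", "10.5", "" and "50 OR 1=1" all fail
// instead of being coerced into something that reaches the query.
function boundedInt(raw, name) {
  const { min, max, dflt } = BOUNDS[name];
  if (raw === undefined || raw === null) return dflt;
  const s = String(raw).trim();
  if (!/^\d+$/.test(s)) throw new RangeError(`${name} must be a positive integer`);
  const n = Number(s);
  if (n < min || n > max) throw new RangeError(`${name} must be between ${min} and ${max}`);
  return n;
}

function validateUsaSpendingQuery(query) {
  return { daysBack: boundedInt(query.daysBack, "daysBack"), limit: boundedInt(query.limit, "limit") };
}

// ---- EconomicPanel: escape every interpolated value, including non-strings ----

const HTML_ESCAPES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };

// String() first, so numbers, dates and nulls go through the same escaping:
// a "number" that actually arrived as a string from an API cannot bypass it.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (c) => HTML_ESCAPES[c]);
}

// A colour lands in a style attribute, which is its own injection context:
// escaping stops attribute break-out but not "red;background:url(...)".
// Restricting it to a hex literal (an addition beyond plain escaping) closes that.
function safeCssColor(color) {
  return /^#[0-9a-fA-F]{3,8}$/.test(String(color)) ? String(color) : "inherit";
}

function renderTrendRow({ label, value, trendColor, icon, date }) {
  return `<tr><td>${escapeHtml(label)}</td>` +
    `<td style="color:${safeCssColor(trendColor)}">${escapeHtml(icon)} ${escapeHtml(value)}</td>` +
    `<td>${escapeHtml(date)}</td></tr>`;
}
```

Two caveats worth carrying into a real implementation: `escapeHtml` is correct only for HTML text and double-quoted attribute contexts, so a value that lands in a URL, a `<script>` block or a style attribute needs that context's own encoding or an allowlist (hence `safeCssColor`); and the proxy's 405 and 502 responses deliberately carry the same CORS headers as the success path, because an allowed origin still needs to read the error status rather than see an opaque network failure.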