3 Commits

Author SHA1 Message Date
grabowski 0ceee55f9b Replace SvelteKit CSRF with custom multi-origin check
Deploy to LXC / deploy (push) Successful in 19s
SvelteKit's built-in CSRF only allows one origin, breaking access via
NetBird/Yggdrasil/Tor IPs. Now:
- Disabled checkOrigin in svelte.config.js
- Custom CSRF in hooks.server.ts checks Origin against ALLOWED_ORIGINS
- ALLOWED_ORIGINS env var: comma-separated list of trusted origins
- Caddy no longer needs to rewrite Host/Origin headers
- Each access method (public domain, NetBird IP, Yggdrasil, Tor onion)
  just needs its URL added to ALLOWED_ORIGINS

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-13 14:23:02 +07:00
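
The multi-origin check described in commit 0ceee55f9b, sketched as an added example; this is not the repository's `hooks.server.ts`. The function names, the fail-closed handling of a missing `Origin`, and the sample origins are assumptions constructed for illustration.

```javascript
// Added example, not code from the repository. All names here are hypothetical.
// Methods that do not change state are exempt from the Origin check.
const SAFE_METHODS = new Set(["GET", "HEAD", "OPTIONS"]);

// Parse an ALLOWED_ORIGINS value (comma-separated URLs) into a set of
// canonical origins. new URL(...).origin drops any path, lowercases the
// host and removes default ports, so "https://Host/" and "https://host"
// become the same entry. Unparseable entries are skipped.
function parseAllowedOrigins(envValue) {
  const allowed = new Set();
  for (const raw of (envValue || "").split(",")) {
    const entry = raw.trim();
    if (!entry) continue;
    let origin;
    try {
      origin = new URL(entry).origin;
    } catch {
      continue; // not a URL: ignore rather than trust a malformed entry
    }
    // Opaque origins serialize to the string "null"; never allowlist that.
    if (origin !== "null") allowed.add(origin);
  }
  return allowed;
}

// Decide whether a request passes the check. State-changing requests must
// carry an Origin header that exactly equals an allowlisted origin.
// Exact set membership (not startsWith/includes) keeps look-alike hosts
// such as "https://inventory.example.com.evil.test" out.
function isRequestAllowed(method, originHeader, allowed) {
  if (SAFE_METHODS.has(String(method).toUpperCase())) return true;
  if (!originHeader || originHeader === "null") return false; // fail closed
  return allowed.has(originHeader);
}

// Constructed sample value: public domain, an overlay-network IP with a
// port, a made-up onion host, and one malformed entry.
const ALLOWED = parseAllowedOrigins(
  "https://inventory.example.com/, http://100.64.0.5:3000 ," +
  "http://exampleonionaddress.onion, not a url"
);
```

With `checkOrigin` disabled, a check of this kind is the only CSRF barrier, so an empty or unset `ALLOWED_ORIGINS` should reject every state-changing request, as it does here.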
grabowski bb8a96d281 Fix upload size limit: add BODY_SIZE_LIMIT env and error handling
Deploy to LXC / deploy (push) Successful in 21s
- Added BODY_SIZE_LIMIT=52428800 (50MB) to .env.example
- handleError in hooks catches body size exceeded and returns friendly message
- Client-side file size check on image upload input (alerts before submit)
- adapter-node uses BODY_SIZE_LIMIT env var (default was 512KB)

To fix: add BODY_SIZE_LIMIT=52428800 to .env on the server and restart.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-09 14:15:36 +07:00
grabowski 6f0e0ad6c6 Initial commit: buildfor_life_repair inventory system
SvelteKit + PostgreSQL app for tracking vintage computers, audio equipment,
components, and installation history. Features device/component CRUD, operation
logs, QR code labels, global search, image uploads, and dark mode.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-06 17:11:05 +07:00