A6-9V/MQL5-Google-Onedrive
1
0
Fork 0
forked from LengKundee/MQL5-Google-Onedrive
Code Pull requests Activity
430 commits 269 branches 0 tags 331 MiB
Commit graph

4 commits

Author SHA1 Message Date
google-labs-jules[bot]
f59010950f Fix information leakage in web dashboard error handling 2026-02-26 11:16:47 +00:00
google-labs-jules[bot]
0b8a09a572 Add security headers to web dashboard (CSP, HSTS, X-Frame-Options) 
- Implemented `@app.after_request` in `scripts/web_dashboard.py` to inject security headers.
- Added `Content-Security-Policy` with `default-src 'self'`, blocking inline scripts.
- Added `X-Content-Type-Options: nosniff`.
- Added `X-Frame-Options: SAMEORIGIN`.
- Added `Referrer-Policy: strict-origin-when-cross-origin`.
- Added unit test `test_security_headers` to `scripts/test_web_dashboard.py` to verify header presence.
- Mitigates Stored XSS, Clickjacking, and MIME sniffing risks.
 2026-02-09 11:27:48 +00:00
google-labs-jules[bot]
644c00e696 🎨 Palette: Add skip-to-content link for accessibility 2026-02-08 11:20:56 +00:00
google-labs-jules[bot]
9d93a21039 Bolt: Optimize health check endpoint 
💡 What: Separated the /health endpoint from the main dashboard rendering logic. It now returns a lightweight JSON response.
🎯 Why: The previous implementation rendered the full Markdown dashboard for every health check, consuming unnecessary CPU and I/O resources during frequent polling.
📊 Impact: Reduces health check processing time from file reading + markdown parsing (~milliseconds) to a simple JSON return (~microseconds).
🔬 Measurement: Verified with new test script scripts/test_web_dashboard.py and updated render.yaml/app.yaml to use the new endpoint.
 2026-01-21 05:17:23 +00:00