PostERG/xamxam
1
0
Fork 0
mirror of https://codeberg.org/PostERG/xamxam.git synced 2026-06-25 16:19:19 +02:00
Code Issues Packages Projects Releases Wiki Activity

Reintroduce TFE duration metadata: DB columns, form fields, controllers, views, and migration

Browse Source 
Add 'unsafe-eval' to CSP script-src directives (htmx requires Function())
This commit is contained in:
Pontoporeia
2026-06-11 13:05:37 +02:00
parent 00fed5f0e3
commit d588ae004d
81 changed files with 1061 additions and 840 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
app/public/admin/toast-fragment.php
View File

@@ -9,7 +9,13 @@
require_once __DIR__ . '/../../bootstrap.php';
require_once __DIR__ . '/../../src/AdminAuth.php';
AdminAuth::requireLogin();
// Don't redirect unauthenticated requests — just return empty (defense-in-depth).
// The toast-region poll fires on <hx-trigger="load">; if the user is on the
// login page they are not authenticated yet.
if (!AdminAuth::isAuthenticated()) {
http_response_code(204);
exit;
}
$flash = App::consumeFlash();