Commit Graph

3 Commits

Author       SHA1        Message                                                                     Date
Pontoporeia  04094d802d  fix: harden security based on pentest scan findings                         2026-05-19 00:08:06 +02:00
                         - Add Content-Security-Policy to main nginx server block (was only on /admin/)
                         - Add Cross-Origin-Opener-Policy and Cross-Origin-Resource-Policy headers
                         - Add includeSubDomains to HSTS header
                         - Set HttpOnly, Secure, SameSite=Lax session cookie params on public pages
                           (AdminAuth already hardens the /admin session with SameSite=Strict)
                         - Update xamxam.conf.reference and SECURITY_HEADERS.md to match
Pontoporeia  c949cf9481  rename posterg → xamxam throughout: nginx conf, scripts, PHP source, docs   2026-05-05 11:04:52 +02:00
Pontoporeia  507f3eb704  Consolidate nginx docs and scripts, update paths                            2026-04-15 14:24:44 +02:00