Commit Graph

3 Commits

Author SHA1 Message Date
CartSnitch Engineer Bot c4f77bcd08 fix: restrict CORS to explicit methods and add security headers
- Replace allow_methods=["*"] with explicit list: GET, POST, PUT, DELETE, PATCH, OPTIONS
- Replace allow_headers=["*"] with explicit list: Content-Type, Authorization, Accept, Origin, X-Requested-With
- Add X-Frame-Options, X-Content-Type-Options, Referrer-Policy, CSP nginx headers

Co-Authored-By: Paperclip <noreply@paperclip.ing>
2026-04-14 11:49:02 +00:00

cartsnitch-engineer[bot] e41d24718e fix: update nginx listen port to 8080 for non-root operation
Non-root users cannot bind to ports < 1024. Port 8080 is used by
nginxinc/nginx-unprivileged by default.

Co-Authored-By: Paperclip <noreply@paperclip.ing>
2026-03-22 01:27:31 +00:00

deploy-debbie[bot] 5ad8fb806f feat: add multi-stage Dockerfile for PWA
Build stage uses node:20-alpine to install deps and build.
Prod stage uses nginx:stable-alpine to serve static assets.
Includes nginx config with SPA routing, gzip, health endpoint,
and aggressive caching for Vite-hashed assets.

Closes #6

Co-Authored-By: Paperclip <noreply@paperclip.ing>
2026-03-18 13:26:57 +00:00