@skylenet skylenet commented Jan 8, 2026

  • Add OAuth state validation for CSRF protection on GitHub OAuth flow
  • Replace token-in-URL with one-time exchange codes for cross-origin auth
  • Add WebSocket origin validation against configured CORS origins
  • Add Secure cookie flag for HTTPS requests
  • Add oauth_states and auth_codes tables to SQLite and PostgreSQL
  • Update UI to exchange auth code for session token

🤖 Generated with [Claude Code](https://claude.com/claude-code)
@skylenet skylenet merged commit 15bb3dc into master Jan 8, 2026
4 checks passed
@skylenet skylenet deleted the sec branch January 8, 2026 15:09
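
An added example, not code from this PR or project, of the single-use pattern the description names: an OAuth `state` checked on callback and a one-time code exchanged for the session token instead of putting the token in the URL. Only the table names `oauth_states` and `auth_codes` come from the PR; the columns, lifetimes and function names are assumptions.

```python
import hashlib
import secrets
import sqlite3
import time

STATE_TTL = 600  # seconds; assumed lifetimes, not taken from the PR
CODE_TTL = 60

def open_db():
    # Table names come from the PR description; the columns are assumed.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE oauth_states (state_hash TEXT PRIMARY KEY, expires_at REAL NOT NULL)")
    db.execute("CREATE TABLE auth_codes (code_hash TEXT PRIMARY KEY, "
               "session_token TEXT NOT NULL, expires_at REAL NOT NULL)")
    return db

def _digest(value):
    # Only the hash of a state or code is stored, never the value sent in a URL.
    return hashlib.sha256((value or "").encode()).hexdigest()

def new_state(db, now=None):
    now = time.time() if now is None else now
    state = secrets.token_urlsafe(32)  # unguessable, bound to one login attempt
    db.execute("INSERT INTO oauth_states VALUES (?, ?)", (_digest(state), now + STATE_TTL))
    db.commit()
    return state

def consume_state(db, state, now=None):
    # One DELETE both checks and burns the state, so a replay finds nothing.
    now = time.time() if now is None else now
    cur = db.execute("DELETE FROM oauth_states WHERE state_hash = ? AND expires_at > ?",
                     (_digest(state), now))
    db.commit()
    return cur.rowcount == 1

def issue_code(db, session_token, now=None):
    now = time.time() if now is None else now
    code = secrets.token_urlsafe(32)  # this, not the session token, goes in the redirect
    db.execute("INSERT INTO auth_codes VALUES (?, ?, ?)",
               (_digest(code), session_token, now + CODE_TTL))
    db.commit()
    return code

def redeem_code(db, code, now=None):
    now = time.time() if now is None else now
    h = _digest(code)
    row = db.execute("SELECT session_token FROM auth_codes WHERE code_hash = ? AND expires_at > ?",
                     (h, now)).fetchone()
    cur = db.execute("DELETE FROM auth_codes WHERE code_hash = ?", (h,))  # burn even if expired
    db.commit()
    return row[0] if row and cur.rowcount == 1 else None
```
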