feat: update CSRF protection logic and enhance GPU detection method; improve i18n for hook wizard templates

catlog22
2026-01-13 21:49:08 +08:00
parent 6305f19bbb
commit 85972b73ea
3 changed files with 31 additions and 12 deletions


@@ -113,7 +113,9 @@ export async function csrfValidation(ctx: CsrfMiddlewareContext): Promise<boolea
const { pathname, req, res } = ctx;
if (!pathname.startsWith('/api/')) return true;
if (envFlagEnabled('CCW_DISABLE_CSRF')) return true;
// CSRF is disabled by default for local deployment scenarios.
// Set CCW_ENABLE_CSRF=1 to enable CSRF protection.
if (!envFlagEnabled('CCW_ENABLE_CSRF')) return true;
const method = (req.method || 'GET').toUpperCase();
if (!['POST', 'PUT', 'PATCH', 'DELETE'].includes(method)) return true;
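Review bot: The new `if (!envFlagEnabled('CCW_ENABLE_CSRF')) return true;` makes the check fail open: unless an operator sets the flag, every POST/PUT/PATCH/DELETE under `/api/` is accepted without token validation. A local-only deployment does not remove the exposure, since any page open in the user's browser can issue cross-site requests to a server listening on localhost. The +/- markers are lost on this page, so it is unclear whether the `CCW_DISABLE_CSRF` line stays; if it is removed, installs that relied on the old default lose protection silently on upgrade. I would keep validation on by default with `if (envFlagEnabled('CCW_DISABLE_CSRF')) return true;` as the only bypass, and log a warning at startup when it is set. The body of csrfValidation continues outside the hunk.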