gatehouse-api

coryHawkvelt/gatehouse-api

Fork 0

Commit Graph

Author	SHA1	Message	Date
coryHawkvelt	60799bbc52	fix(cors): handle wildcard origin with credentials and add unit tests - Refactor CORS middleware to echo request origin when wildcard + credentials is configured (browsers reject Access-Control-Allow-Origin: * with Access-Control-Allow-Credentials: true) - Add _is_origin_allowed() and _cors_origin_header() helpers - Use CORS_SUPPORTS_CREDENTIALS config consistently - Ensure consistent Access-Control-Allow-Headers in all CORS paths - Fix redirect validation in get_token() to allow wildcard CORS origins - Add 46 unit tests covering encryption round-trips, idempotency, key derivation, thread safety, CORS origin matching, and preflight responses	2026-04-26 01:12:39 +09:30
coryHawkvelt	af0281281a	web authn working!	2026-01-16 11:25:27 +10:30
coryHawkvelt	2c0aaf484b	move app to gatehouse-app	2026-01-15 03:40:29 +10:30

Author

SHA1

Message

Date

coryHawkvelt

60799bbc52

fix(cors): handle wildcard origin with credentials and add unit tests

- Refactor CORS middleware to echo request origin when wildcard + credentials
  is configured (browsers reject Access-Control-Allow-Origin: * with
  Access-Control-Allow-Credentials: true)
- Add _is_origin_allowed() and _cors_origin_header() helpers
- Use CORS_SUPPORTS_CREDENTIALS config consistently
- Ensure consistent Access-Control-Allow-Headers in all CORS paths
- Fix redirect validation in get_token() to allow wildcard CORS origins
- Add 46 unit tests covering encryption round-trips, idempotency, key
  derivation, thread safety, CORS origin matching, and preflight responses

2026-04-26 01:12:39 +09:30

coryHawkvelt

af0281281a

web authn working!

2026-01-16 11:25:27 +10:30

coryHawkvelt

2c0aaf484b

move app to gatehouse-app

2026-01-15 03:40:29 +10:30

3 Commits